What Is Pretexting, and Is It Legal

I have had an ongoing debate about pretexting with a fellow private investigator over the past several years.

This colleague loathes the word “pretexting,” in part because of the definition of the term.

Pretexting is defined by the Federal Trade Commission as “the practice of getting personal information under false pretenses.” Sounds pretty ominous, right? Expanding on the definition, “personal information” is described as bank and credit card account numbers, information in a credit report, bank account and investment portfolio information, and Social Security numbers.

In much simpler terms, pretexting means representing yourself as one person in order to obtain private information about another person.

There are a few types of pretexting that are completely off-limits and punishable by law:

The Telephone Records and Privacy Protection Act of 2006 made it a federal offense to utilize pretexting to buy, sell, or obtain phone records.

Pretexting for financial records was specifically outlawed in 1999 under the Gramm-Leach-Bliley Act, which made it illegal to solicit others to obtain financial information via pretext.

In addition, while there is no pretexting provision in the law, HIPAA privacy laws protect an individual’s medical records unless consent is provided by the patient.

Although not exactly considered pretexting in the classic sense, there are also a few other forms of pretexting, better described as “impersonation,” that are also punishable by law:

Representing yourself as a police officer or law enforcement officer in any capacity or giving the impression that you are a police officer or law enforcement officer is illegal.

Falsely pretending to be an officer or employer acting under the authority of the United States or any U.S. department or agency is illegal.

Some examples of completely illegal activity are contacting a doctor’s office and falsely pretending to be a patient in order to obtain medical records, inquiring at a telephone company to obtain phone records of another individual, and asking a bank or credit card company for the statements of another individual.

But if you consider the definition once again as “the practice of getting personal information under false pretenses,” pretexting includes a number of practices that private investigators utilize on an almost daily basis. While most people apply the definition of pretexting to some sort of scam, private investigators typically use pretexts to do their jobs.

For example, surveillance investigators may contact an individual’s residence to determine whether the person is home. The surveillance investigator may call the residence and ask for the target person, pretending to be a friend, colleague, or business associate.

They may also call saying they have a delivery for John Smith and want to know when Mr. Smith will be home to sign for the package. An investigator who is looking for someone may call a cell phone to confirm that the number is in fact that of the person sought. In each case, the investigator, when asked, “Who is this?,” is certainly not going to say, “private investigator Danny Jones.” More likely than not, the investigator will use a fabricated name.

So, in these examples, is this pretexting? Technically, yes, because the investigator is using false pretenses to elicit information.

Is it illegal?

In my view, and in the view of many investigators, obtaining “sensitive information” under some form of pretext is troubling and concerning. I’m not a legal expert, but I think you will be hard-pressed to find anyone who has ever been charged for conducting an innocuous investigation such as the ones described immediately above.

There is a gray line here, however. There are lots of techniques used by investigators that are completely unethical but may not be technically illegal; for example, if I called pretending to be a former employee of a company and obtained salary information of the former employee, or if I impersonated a hotel guest to get a copy of a bill or posed as an airline passenger to confirm a flight.

Ethically, I wouldn’t touch those with a 10-foot pole; legally speaking, I am not sure if this crosses the line.

Also, I don’t know an investigator out there who doesn’t have a fake social media profile. That certainly violates terms of service of the social media firm, but the reason investigators typically use a fake profile is to avoid getting caught snooping around. You would cross the line if you were “friending” a target to get nonpublic information or engaging with them to get access to information you wouldn’t otherwise be able to get.

A few years ago, the investigative firm Ergo used a fake-journalist ruse to dig up dirt on an adversary of Uber. Ergo was ripped to shreds by a federal judge overseeing the case, who highlighted a litany of irresponsible and “arguably criminal” acts; however, it doesn’t appear that the company was criminally charged.

Reckless? Careless? Unethical? For sure, but not illegal.

So is pretexting illegal? In certain cases, the answer is absolutely yes. But between that illegal area and the not-so-illegal area, there is a cavernous gray area.

So, where do you draw the line in pretexting?

Enjoyed What You Read?

Sign up for our newsletter and stay up to date with what Hal Humphreys, from Pursuit Magazine, believes to be one of the absolute best blogs in the investigative industry!

5 replies
  1. David C.
    David C. says:

    Great write-up Brian. On a similar topic, mystery shopping and secret shopping is a practice widely used across many businesses to gauge sales/marketing effectiveness, compliance with protocols or strategies, and to look for opportunities for improvement (among other things). Sure sounds like a form of pretexting by the definition above, and could surely cross ethical and legal boundaries. I think this comes down to how well the pretexters are trained, how well they know the applicable laws and regulations in the areas, what the intent is, and what degree of personal and professional integrity exists.

  2. Ron
    Ron says:

    I do believe the GLB was expanded to prohibit pretexting any person or business to obtain another’s banking information after the Congressional hearings after an FBI agent ran a sting on PDJ Services’ owner Patrick Baird (still in business FYI).

    PDJ obtained banking information and sold it to an adverse party. The victim reported the breach to the FBI.

    You can find the transcript on CNET. Patrick Baird plead the 5th while being questioned by congressmen. The Telephone Records Protection Act also was created in 2006 stemming from the same Congressional hearings.

Comments are closed.