Which human vector is commonly involved in voice call-based attacks?

Pretexting is a social engineering technique where an attacker creates a fabricated scenario, or pretext, to obtain sensitive information from the target. In voice call-based attacks, this often involves impersonating someone the victim trusts, such as a company representative, official, or even someone they know personally. The attacker leverages this fabricated identity to manipulate the victim into divulging confidential details or performing certain actions.

This tactic is particularly effective during voice calls because it allows the attacker to engage directly with the victim, employing tone and inflection to build rapport or instill urgency. As a result, victims may be more inclined to comply with requests for information or actions that they might otherwise question in a less personal interaction, such as via email or text.

In contrast, the other options, while related to security and social engineering, do not specifically focus on voice call interactions. Phishing typically applies to email or digital communications, shoulder surfing involves observing someone in person, and social engineering encompasses a broader range of manipulation techniques that may not directly pertain to voice calls.