The recent scandal at Hewlett Packard brought a more sophisticated form of identity theft via social engineering to the public consciousness: pretexting.

According to the Federal Trade Commission, pretexting is the practice of getting your personal information under false pretenses. Pretexters sell your information to people who may use it to get credit in your name, steal your assets, or to investigate or sue you. That information may include your Social Security Number (SSN), telephone records and your bank and credit card account numbers.

Pretexters use a variety of tactics to get your personal information. For example, a pretexter may call, claim he's from a survey firm, and ask you a few questions. When the pretexter has the information he wants, he uses it to call your financial institution. He pretends to be you or someone with authorized access to your account. He might claim that he's forgotten his checkbook and needs information about his account.

In this fashion, the pretexter may be able to obtain personal information about you such as your SSN, bank and credit card account numbers, information in your credit report. Pretexting is the key to identity theft, which most commonly results in credit card fraud, bank fraud, loan fraud and communications fraud (opening a phone account fraudulently).

However pretexting is also alive and well in the private gumshoe community: investigators ostensibly working quietly but aboveboard for legitimate clients. There is a thriving network of creative con artists who gather phone records and other private data. Some of their clients are major banks and insurance companies. Pretexting has often been the corporate investigative tool of choice.

The most notorious example of this practice coming to light recently has been the drama played out at Hewlett Packard, where the board chairwoman and other HP luminaries hired an investigative agency to track the source of leaks coming from board meetings. The investigators, in turn, engaged in pretexting to attempt to gain phone records on a suspected board member and on the journalist(s) who were writing stories based on the links.

Computer hackers call the use of an assumed identity "social engineering." That's an endearing title for theft, but the fact is that this type of behavior has been in the news for some time preceding the HP fiasco. Presidential candidate Wesley Clark had his cell phone records purchased by a blogger, who turned them into a major political story. The HP story has resulted in an investigation by the California Attorney General’s office, which says that it currently has six "major" pretexting cases under investigation, all of them corporate in nature.

HP’s filing with the Security and Exchange Commission regarding this matter states in part that, "The (HP board) Committee was then advised by ... outside counsel that the use of pretexting at the time of the investigation was not generally unlawful (except with respect to financial institutions)..."

The Federal Trade Commission’s web site section on this issue reads as follows: "Pretexting is the practice of getting your personal information under false pretenses. Pretexters sell your information to people who may use it to get credit in your name, steal your assets, or to investigate or sue you. Pretexting is against the law."

HP’s investigators are currently under indictment. It will be interesting to see what comes of the board members and lawyers who found their methods "not generally unlawful."