In pretexts, the simpler the better. Pretexts are built on storylines, made-up facts, and some intrinsic details. There is a point a pretext can get such that there are simply too many details for the social engineer to remember such that the pretext ends up failing. One of the reasons why social engineers are caught is when they are unable to recall things they mentioned early on or when their words do not add up to something they said early on. As captured by a psychologist that studied human deception, Dr. Ekman wrote an article detailing how lies fail in the process of human deception. According to him, lies fail when a liar is not able to anticipate questions that may be asked. Even if the liar is clever, there are some unanticipated changes of circumstances that can betray him or her. Ekman also says that even when circumstances do not change, a liar might have problems recalling their lies and thus causing the lie to fail.
As can be seen from Dr. Paul Ekman's observations, it is better to create a smaller lie or pretext such that there is not much that can be confused. A very complex pretext could be uncovered just by one small mistake. It is therefore not worth it to spend so much time and resources trying to make something that can fail within a blink of an eye. Simpler pretexts are more optimal for social engineers. Not only is it easy to create, it is easy to recall everything. This allows the social engineer to execute the con in confidence and look natural when doing it. For instance, when appearing before Chief Security Officer as a network repair person from a contracted company, a social engineer who keeps the scope of his pretext very small has a better chance of getting access to the server room than one who comes with a whole barrage of excuses to be let into the server room.
The idea is to have and to keep straight facts. When a pretext is too big or complex, there are simply too many components, one of which could be mistaken. A target will be actively listening during an attack and thus will be better placed to catch inconsistencies. A small pretext has several advantages. To begin with, the social engineer could leave out gaps for the target to fill. This way, it is the target's imagination that will be at fault if some contraventions happen later on. A simple pretext also allows the social engineer to grow it when necessary. A bigger pretext, on the other hand, is hard to reduce since the target is made aware of so many things that it gets suspicious when others are dropped without explanations. A simple pretext also removes the social engineer from the position of elaborating. It is in the process of elaborating that mistakes can easily be made as a social engineer can score an own goal by not being able to match an earlier told version of a story.
Let us take an example of a real-life explanation of this. Let us say that we are a social engineer trying to get to the server room of a company. We could use observation skills to get to know the real company that does network or computer repairs. From that, we could get their logos and get shirts printed with their name, logo, and slogans. Alongside this, we could have badges made, which we boldly wear on the day of the attack. This is going to be very helpful, especially with the security guards manning the entrance. The majority of physical controls at entrances are security guards. Upon waving our badges and fully clad in shirts labelled with the company name that does repairs, a short explanation that we've been called by the IT department will be easily bought and we'll have free entry into the organization. At the reception, we could stick to the same pretext, that we've been called by the IT department to urgently check on a problem with one of the servers. At this point, the receptionist could give us access or call one of the IT department employees to allow us into the server room. If anything arises, we could stick with the simple pretext till we get inside the server room:
