Social Engineering and Human Factors

Author: Milav Dabgar
Experienced lecturer in the electrical and electronic manufacturing industry. Skilled in Embedded Systems, Image Processing, Data Science, MATLAB, Python, STM32. Strong education professional with a Master’s degree in Communication Systems Engineering from L.D. College of Engineering - Ahmedabad.

Unit IV: Ethical Hacking

Lecture 29: Exploiting the Human Element in Cybersecurity

Course: Cyber Security (4353204) | Semester V | Diploma ICT | Author: Milav Dabgar

Understanding Social Engineering

🧠 What is Social Engineering?

Social Engineering is the psychological manipulation of people to divulge confidential information or perform actions that compromise security.

📊 Social Engineering Statistics

  • 98% of cyber attacks involve social engineering
  • Success rate: 95% of successful breaches
  • Average cost: $4.9 million per incident
  • Phishing emails: 3.4 billion sent daily
  • Click rate: 32% of users click phishing links
  • Credential harvest: 76% success rate

🎭 Core Principles

Psychological Triggers:
  - Authority and urgency
  - Trust and reciprocity  
  - Fear and intimidation
  - Curiosity and greed
  - Social proof and compliance

🎯 Attack Categories

📧 Digital Social Engineering

  • Phishing emails and spear phishing
  • Vishing (voice phishing) calls
  • Smishing (SMS phishing) messages
  • Social media manipulation
  • Website defacement and fake sites

🏢 Physical Social Engineering

  • Tailgating and piggybacking
  • Pretexting with fake identities
  • Baiting with infected devices
  • Shoulder surfing and observation
  • Dumpster diving for information

🔗 Hybrid Approaches

  • Watering hole attacks
  • Business Email Compromise (BEC)
  • Romance scams and long-term manipulation
  • Supply chain social engineering
Course: Cyber Security (4353204) | Unit IV | Lecture 29 | Author: Milav Dabgar

Phishing Attack Techniques

📨 Email Phishing Methods

🎣 Generic Phishing

Mass Distribution Phishing:
  Targets: Large user bases
  Content: Generic messages
  Success Rate: 3-5%
  Examples:
    - "Verify your account"
    - "Security alert"
    - "Prize notification"
    - "Invoice attached"

🏹 Spear Phishing

Targeted Phishing:
  Targets: Specific individuals/organizations
  Content: Personalized messages
  Success Rate: 70-90%
  Research Required:
    - LinkedIn profiles
    - Company information
    - Recent news/events
    - Personal details

🛠️ Phishing Infrastructure

🌐 Domain Spoofing

```text
# Typosquatting examples
amazon.com → amazom.com
google.com → googIe.com (capital i)
microsoft.com → microsooft.com
paypal.com → paypaI.com

# Subdomain spoofing
secure.paypal.phishing-site.com
login.microsoft.attacker.com
```
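A defender-side check for the lookalike patterns above, added here as an example that is not part of the original slides: it folds common homoglyphs (the capital I for l trick included) and flags near-miss registrable names or brand-as-subdomain names against a constructed list of protected domains.

```python
import unicodedata
from difflib import SequenceMatcher

# Brands the organisation wants to protect (constructed list, not a real allow-list).
PROTECTED_DOMAINS = ["amazon.com", "google.com", "microsoft.com", "paypal.com"]

# Glyphs that imitate a lowercase letter in common fonts (small subset, not exhaustive).
# Applied before case folding so that a capital I is caught, as in googIe.com.
HOMOGLYPHS = {
    "I": "l", "1": "l", "|": "l", "0": "o", "rn": "m", "vv": "w",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",  # Cyrillic
}

def normalize(label: str) -> str:
    """Strip accents, fold homoglyphs to the letters they imitate, then lowercase."""
    label = unicodedata.normalize("NFKD", label)
    label = "".join(ch for ch in label if not unicodedata.combining(ch))
    for glyph, letter in HOMOGLYPHS.items():
        label = label.replace(glyph, letter)
    return label.lower()

def classify(domain: str) -> str:
    """Return 'legitimate', 'typosquat', 'subdomain-spoof' or 'unrelated'.
    The registrable domain is taken as the last two labels; this simplification
    ignores multi-label public suffixes such as co.uk."""
    labels = domain.strip().rstrip(".").split(".")
    if len(labels) < 2:
        return "unrelated"
    registrable = ".".join(labels[-2:]).lower()
    if registrable in PROTECTED_DOMAINS:
        return "legitimate"
    brands = {d.split(".")[0] for d in PROTECTED_DOMAINS}
    candidate = normalize(labels[-2])          # raw label, so case-based homoglyphs survive
    for brand in brands:
        if candidate == brand:
            return "typosquat"                  # pure homoglyph swap, e.g. paypaI.com
        if SequenceMatcher(None, candidate, brand).ratio() >= 0.8:
            return "typosquat"                  # insertion/substitution, e.g. amazom.com
    # Brand name used as a subdomain of an unrelated registrable domain.
    if any(normalize(lbl) in brands for lbl in labels[:-2]):
        return "subdomain-spoof"
    return "unrelated"

def triage(domains):
    """Group observed domains (e.g. from proxy or DNS logs) by verdict."""
    report = {}
    for d in domains:
        report.setdefault(classify(d), []).append(d)
    return report
```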

📧 Email Spoofing

Email Header Manipulation:
  From Field Spoofing:
    - Display name impersonation
    - Similar domain usage
    - Reply-to redirection
  
  Technical Bypasses:
    - SPF record limitations
    - DKIM signature issues
    - DMARC policy gaps
    - Email client vulnerabilities

Advanced Phishing Techniques

🔧 Technical Phishing Methods

🌐 Credential Harvesting

```html
<!-- Fake login page HTML -->
<form action="harvest.php" method="POST">
  <h2>Microsoft Office 365 Sign In</h2>
  <input type="email" name="email" placeholder="Email" required>
  <input type="password" name="password" placeholder="Password" required>
  <button type="submit">Sign In</button>
</form>

<style>
/* Mimics legitimate Microsoft styling */
body { font-family: 'Segoe UI', Arial; }
.login-box { background: #fff; border: 1px solid #ccc; }
</style>
```

📱 Multi-Factor Authentication Bypass

MFA Bypass Techniques:
  Real-time Phishing:
    - Capture credentials immediately
    - Prompt for MFA token
    - Relay authentication in real-time
    - Session hijacking post-authentication
  
  Tools and Frameworks:
    - Evilginx2 (reverse proxy)
    - Modlishka (flexible phishing)
    - SET (Social-Engineer Toolkit)
    - King Phisher (campaign management)

📞 Voice and SMS Attacks

🗣️ Vishing (Voice Phishing)

Vishing Techniques:
  Caller ID Spoofing:
    - Legitimate number display
    - Government agency impersonation
    - Bank/financial institution calls
  
  Pretexting Scenarios:
    - "Account security verification"
    - "System maintenance notification"  
    - "Fraud prevention callback"
    - "Survey/research participation"
  
  Voice Tools:
    - Voice changers and modulators
    - Text-to-speech generators
    - Call center simulation
    - Background noise generation

📱 Smishing (SMS Phishing)

SMS Attack Vectors:
  Short URL Abuse:
    - bit.ly/malicious-link
    - tinyurl.com/fake-bank
    - Custom domain redirects
  
  Common Pretexts:
    - "Package delivery issue"
    - "Account locked notification"
    - "Prize/lottery winnings"
    - "COVID-19 contact tracing"

Physical Social Engineering

🚪 Physical Access Techniques

🚶 Tailgating and Piggybacking

Access Methods:
  Tailgating:
    - Follow authorized person through door
    - Act naturally and confidently
    - Use distraction techniques
    - Dress appropriately for environment
  
  Piggybacking:  
    - Request access assistance
    - Carry packages or appear busy
    - Use fake visitor credentials
    - Exploit politeness and helpfulness
  
  Prevention Challenges:
    - Social courtesy norms
    - Busy environment distractions
    - Authority appearance bias
    - Trust assumptions

🎭 Pretexting Scenarios

Common Pretexts:
  IT Support Personnel:
    - "System maintenance required"
    - "Password reset assistance"
    - "Network troubleshooting"
    - "Security audit compliance"
  
  Delivery Personnel:
    - Package delivery
    - Equipment installation
    - Maintenance services
    - Document pickup
  
  Authority Figures:
    - Government inspectors
    - Auditors and compliance
    - Law enforcement
    - Executive assistants

📋 Information Gathering

🗑️ Dumpster Diving

Valuable Targets:
  Physical Documents:
    - Employee directories
    - Network diagrams  
    - Password lists
    - Financial records
    - Meeting minutes
  
  Digital Storage:
    - Discarded hard drives
    - USB devices
    - Backup tapes
    - Printed emails
    - Configuration printouts
  
  Legal Considerations:
    - Property ownership laws
    - Privacy regulations
    - Trespassing concerns
    - Evidence handling

👀 Shoulder Surfing

Observation Techniques:
  Direct Observation:
    - Standing behind targets
    - Using reflective surfaces
    - Long-distance observation
    - Social engineering conversations
  
  Technical Assistance:
    - Hidden cameras
    - Telephoto lenses  
    - Audio recording devices
    - Keystroke loggers
  
  High-Value Locations:
    - Airport lounges
    - Coffee shops
    - Public transportation
    - Office environments

Psychological Manipulation Techniques

🧠 Cognitive Biases Exploitation

⚡ Authority and Urgency

Authority Bias:
  - Executive impersonation
  - Government agency claims
  - IT department requests
  - Vendor/supplier communications
  
Urgency Manipulation:
  - "Account will be closed"
  - "Security breach detected"
  - "Immediate action required"
  - "Limited time offer"
  
Combination Effects:
  - CEO fraud schemes
  - Emergency IT requests
  - Audit compliance demands
  - Legal notice responses

🤝 Trust and Reciprocity

Trust Building:
  - Shared connections/references
  - Industry knowledge display
  - Helpful preliminary actions
  - Professional appearance
  
Reciprocity Triggers:
  - Free gifts or services
  - Insider information sharing
  - Problem-solving assistance  
  - Exclusive opportunities
  
Social Proof:
  - "Others have already..."
  - Testimonials and reviews
  - Peer pressure tactics
  - Bandwagon effects

💰 Financial and Emotional Appeals

😨 Fear, Uncertainty, and Doubt (FUD)

Fear-Based Attacks:
  Security Threats:
    - "Account compromised"
    - "Virus detected"
    - "Identity theft alert"
    - "Legal action pending"
  
  Financial Concerns:
    - "Unauthorized transactions"
    - "Tax audit notice"
    - "Investment losses"
    - "Insurance claims"
  
  Personal Safety:
    - "Emergency situation"
    - "Health concerns"
    - "Family member issues"
    - "Location tracking"

🎁 Greed and Curiosity

Greed-Based Lures:
  - Lottery winnings
  - Investment opportunities
  - Job offers with high pay
  - Inheritance claims
  
Curiosity Exploitation:
  - "Confidential documents"
  - "Secret information"
  - "Exclusive access"
  - "Behind-the-scenes content"
  
Emotional Manipulation:
  - Romance scams
  - Charity fraud
  - Family emergency scenarios
  - Pet rescue stories

Business Email Compromise (BEC)

💼 BEC Attack Types

🎭 CEO Fraud

Scenario: "Urgent Wire Transfer"
  Target: Finance/Accounting staff
  Impersonation: C-level executive
  Request: Urgent financial transfer
  Urgency: "Confidential acquisition"
  
Common Phrases:
  - "Need this done ASAP"
  - "Don't discuss with anyone"
  - "Board meeting requirement"  
  - "Acquisition in progress"
  
Success Factors:
  - Executive travel timing
  - End-of-quarter pressure
  - Legitimate-looking emails
  - Authority compliance culture

🏗️ Vendor/Supplier Fraud

Scenario: "Account Update Required"
  Target: Accounts payable
  Impersonation: Trusted vendor
  Request: Bank account change
  Justification: "New banking system"
  
Attack Process:
  1. Vendor relationship research
  2. Email account compromise
  3. Payment redirection request
  4. Follow-up confirmation calls
  
Red Flags:
  - Sudden account changes
  - Different communication style
  - Urgency without verification
  - Non-standard processes

🔧 BEC Technical Methods

📧 Email Account Takeover

```python
# Account compromise techniques
def email_compromise_methods():
    methods = {
        'credential_stuffing': {
            'description': 'Reuse leaked passwords',
            'tools': ['Hydra', 'Burp Suite', 'Custom scripts'],
            'success_rate': 'Medium'
        },
        'password_spraying': {
            'description': 'Common passwords across users',
            'tools': ['SprayingToolkit', 'CredKing'],
            'success_rate': 'High'
        },
        'phishing_compromise': {
            'description': 'Targeted credential harvesting',
            'tools': ['Evilginx2', 'Modlishka'],
            'success_rate': 'Very High'
        }
    }
    return methods

# Email forwarding rules
def setup_stealth_forwarding():
    rules = {
        'outlook_rule': 'Forward emails containing "invoice" to attacker',
        'gmail_filter': 'Forward financial emails and delete originals',
        'stealth_timing': 'Activate during business hours only'
    }
    return rules
```
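A detection view of the forwarding rules above, added here as an example and not part of the original slides: it scores exported mailbox rules for the combination of external forwarding, deletion and finance keywords that marks a BEC account takeover. The rule shape, the tenant domain and the sample rules are all constructed.

```python
from dataclasses import dataclass, field

INTERNAL_DOMAIN = "example.net"   # assumed tenant domain for the demo

@dataclass
class InboxRule:
    """Flattened view of a mailbox rule as exported from a mail admin console (constructed shape)."""
    mailbox: str
    name: str
    forward_to: list = field(default_factory=list)
    delete_message: bool = False
    keywords: list = field(default_factory=list)     # subject/body filter terms
    mark_as_read: bool = False
    move_to_folder: str = ""

FINANCE_TERMS = {"invoice", "payment", "wire", "bank", "remittance", "ach"}
# Folders commonly used to park intercepted mail where the owner will not look.
HIDING_FOLDERS = {"rss subscriptions", "rss feeds", "conversation history", "deleted items"}

def score_rule(rule: InboxRule):
    """Return (score, reasons); a score of 3 or more is worth an analyst's attention."""
    score, reasons = 0, []
    external = [a for a in rule.forward_to if a.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN]
    if external:
        score += 2
        reasons.append(f"forwards to external address {external}")
    if rule.delete_message:
        score += 2
        reasons.append("deletes the original so the owner never sees the thread")
    hits = {k.lower() for k in rule.keywords} & FINANCE_TERMS
    if hits:
        score += 1
        reasons.append(f"filters on finance terms {sorted(hits)}")
    if rule.mark_as_read or rule.move_to_folder.lower() in HIDING_FOLDERS:
        score += 1
        reasons.append("marks read or moves to a rarely viewed folder")
    if rule.name.strip() in {"", ".", ",", "-"}:
        score += 1
        reasons.append("near-empty rule name")
    return score, reasons

def triage(rules, threshold: int = 3):
    """Rules at or above the threshold, highest score first."""
    scored = [(r.mailbox, r.name, *score_rule(r)) for r in rules]
    return sorted((s for s in scored if s[2] >= threshold), key=lambda s: -s[2])

# Constructed sample export: one takeover-style rule, one benign, one borderline.
SAMPLE_RULES = [
    InboxRule("alice@example.net", ".", ["ops.billing@mail-relay.invalid"], True,
              ["invoice", "payment"], True, "RSS Subscriptions"),
    InboxRule("bob@example.net", "Newsletters", move_to_folder="Newsletters"),
    InboxRule("dave@example.net", "Vacation forward", ["dave@mail-relay.invalid"]),
]
```

An external forward on its own (the third rule) stays below the threshold; it is the stacking of hiding behaviours with a finance filter that separates a takeover from a holiday redirect.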

🕵️ Reconnaissance Techniques

Target Research:
  Public Sources:
    - Company website org charts
    - LinkedIn employee profiles
    - Press releases and news
    - SEC filings and reports
  
  Technical Reconnaissance:
    - Email pattern identification
    - Domain infrastructure mapping
    - Technology stack enumeration
    - Communication system analysis
  
  Social Media Intelligence:
    - Executive travel schedules
    - Company event participation
    - Employee personal information
    - Relationship mapping

Social Engineering Toolkits

🛠️ Technical Frameworks

🎯 Social-Engineer Toolkit (SET)

```bash
# SET installation and usage
git clone https://github.com/trustedsec/social-engineer-toolkit/
cd social-engineer-toolkit
python setup.py install

# SET menu options
./setoolkit

# Common SET attacks
1) Social-Engineering Attacks
   1) Spear-Phishing Attack Vectors
   2) Website Attack Vectors
   3) Infectious Media Generator
   4) Create a Payload and Listener
   5) Mass Mailer Attack
```

📧 Email Campaign Tools

GoPhish Framework:
  Features:
    - Campaign management
    - Template creation
    - Real-time tracking
    - Detailed reporting
  
  Capabilities:
    - Landing page cloning
    - Email template design
    - User tracking and analytics
    - Training integration
  
King Phisher:
  Features:
    - Professional phishing campaigns
    - Advanced templating
    - Plugin architecture
    - Detailed statistics

🎭 Pretexting Resources

📞 Vishing Tools

Voice Manipulation:
  - Ventrillo (voice changer)
  - MorphVOX (real-time voice)
  - Adobe Audition (recording/editing)
  - SpoofCard (caller ID spoofing)
  
Background Audio:
  - Office environment sounds
  - Call center audio loops
  - Traffic and public spaces
  - Emergency service sounds
  
Script Templates:
  - IT helpdesk scenarios
  - Bank security departments
  - Government agencies
  - Vendor support calls

🎨 Visual Deception

Credential Harvesting Pages:
  - HTTrack (website cloning)
  - Social-Engineer Toolkit
  - Custom HTML/CSS development
  - Domain spoofing services
  
Physical Props:
  - Fake identification badges
  - Clipboard and official forms
  - Branded clothing/uniforms
  - Business cards and letterhead
  
Documentation:
  - Vendor contracts
  - Government identification
  - Official letterhead
  - Authorization forms

Defensive Countermeasures

🛡️ Technical Controls

📧 Email Security

Email Authentication:
  SPF Records:
    - Specify authorized mail servers
    - Prevent sender-address spoofing
    - Configure hard fail policies
  
  DKIM Signatures:
    - Cryptographic email signing
    - Message integrity verification
    - Reputation-based filtering
  
  DMARC Policies:
    - Domain-based message authentication
    - Reporting and forensics
    - Quarantine/reject configuration
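To make the SPF and DMARC points concrete (both the "Technical Bypasses" listed under Email Spoofing and the controls above), here is an added example that is not from the original slides: it audits constructed SPF and DMARC TXT strings and reports the weak settings next to the hardened records. Fetching the records from DNS is assumed to happen elsewhere.

```python
import re

# Constructed sample records (not live DNS answers): the weak starting point and the hardened form.
WEAK_SPF     = "v=spf1 include:_spf.example.net +all"
STRONG_SPF   = "v=spf1 include:_spf.example.net -all"
WEAK_DMARC   = "v=DMARC1; p=none"
STRONG_DMARC = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc-reports@example.net"

def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict (tag names are case-insensitive)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(record: str) -> list:
    """Return findings; an empty list means the policy both enforces and reports."""
    t = parse_dmarc(record)
    if t.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = t.get("p", "none").lower()
    if policy == "none":
        findings.append("p=none: spoofed mail is only monitored, never blocked")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail reaches the spam folder instead of being rejected")
    if t.get("sp", "").lower() == "none":
        findings.append("sp=none: subdomains can still be spoofed")
    pct = int(t.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in t:
        findings.append("no rua= address: no aggregate reports, so spoofing goes unseen")
    return findings

def audit_spf(record: str) -> list:
    """Check the terminal 'all' qualifier and the 10-DNS-lookup limit of RFC 7208."""
    if not record.lower().startswith("v=spf1"):
        return ["not an SPF record"]
    findings = []
    mechanisms = record.split()[1:]
    terminal = mechanisms[-1].lower() if mechanisms else ""
    if terminal in ("all", "+all"):
        findings.append("+all: every host on the internet is an authorised sender")
    elif terminal == "?all":
        findings.append("?all: neutral result, which receivers treat as no policy")
    elif terminal == "~all":
        findings.append("~all: soft fail only; rely on DMARC or move to -all")
    elif terminal != "-all":
        findings.append("no terminal 'all' mechanism: unlisted senders get a neutral result")
    lookup = re.compile(r"^[+\-~?]?(include:|a(?::|/|$)|mx(?::|/|$)|exists:|redirect=)")
    lookups = sum(1 for m in mechanisms if lookup.match(m.lower()))
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup mechanisms exceed the limit of 10 (permerror)")
    return findings
```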

🔒 Multi-Factor Authentication

MFA Implementation:
  Strong Factors:
    - Hardware tokens (YubiKey)
    - Biometric authentication
    - Certificate-based authentication
    - Push notifications with context
  
  Weak Factors to Avoid:
    - SMS-based codes
    - Email-based tokens
    - Security questions
    - Static passwords
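The reverse-proxy ("real-time phishing") bypass listed earlier fails against origin-bound factors such as hardware security keys. This added example, not from the original slides, shows the relying-party check a WebAuthn login performs on the browser-supplied clientDataJSON: the origin is written by the browser, so a proxied lookalike page cannot claim the real site. Origins and hostnames are constructed placeholders, and signature verification is assumed to follow this step.

```python
import base64
import json
import secrets

# Origins the relying party accepts. A reverse proxy on a lookalike host is not in this set,
# and the browser, not the page script, writes the origin into clientDataJSON.
ALLOWED_ORIGINS = {"https://login.example.net"}   # assumed RP origin

def b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_client_data(client_data_b64: str, expected_challenge: bytes):
    """Validate the fields an authenticator signs over, before the signature itself.
    Returns (ok, reason). Verifying the signature over authenticatorData || SHA-256(clientDataJSON)
    is the next step and is left out here."""
    try:
        cd = json.loads(b64url_decode(client_data_b64))
    except ValueError:
        return False, "clientDataJSON is not valid base64url JSON"
    if not isinstance(cd, dict):
        return False, "clientDataJSON is not a JSON object"
    if cd.get("type") != "webauthn.get":
        return False, f"unexpected ceremony type {cd.get('type')!r}"
    if cd.get("origin") not in ALLOWED_ORIGINS:
        return False, f"origin {cd.get('origin')!r} is not the relying party"
    try:
        got = b64url_decode(cd.get("challenge", ""))
    except ValueError:
        return False, "challenge is not base64url"
    if not secrets.compare_digest(got, expected_challenge):
        return False, "challenge does not match the one issued for this session"
    return True, "ok"

def make_client_data(origin: str, challenge: bytes, ctype: str = "webauthn.get") -> str:
    """Build the JSON a browser would produce (constructed for the demo, not captured traffic)."""
    body = {"type": ctype, "challenge": b64url_encode(challenge), "origin": origin, "crossOrigin": False}
    return b64url_encode(json.dumps(body).encode())

def demo() -> dict:
    """Genuine login, the same challenge relayed via a lookalike host, and a stale challenge."""
    challenge = secrets.token_bytes(32)
    genuine = make_client_data("https://login.example.net", challenge)
    proxied = make_client_data("https://login.example-net.invalid", challenge)   # placeholder host
    stale = make_client_data("https://login.example.net", secrets.token_bytes(32))
    return {
        "genuine": verify_client_data(genuine, challenge),
        "proxied": verify_client_data(proxied, challenge),
        "stale": verify_client_data(stale, challenge),
    }
```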

👥 Human-Centered Defenses

📚 Security Awareness Training

Training Components:
  Threat Recognition:
    - Phishing identification
    - Social engineering tactics
    - Pretexting scenarios
    - Physical security awareness
  
  Response Procedures:
    - Incident reporting process
    - Verification protocols
    - Escalation procedures
    - Communication guidelines
  
  Regular Testing:
    - Simulated phishing campaigns
    - Social engineering assessments
    - Security culture metrics
    - Continuous improvement

🏢 Organizational Policies

Security Policies:
  Verification Procedures:
    - Multi-person authorization
    - Out-of-band verification
    - Standard communication channels
    - Change management processes
  
  Physical Security:
    - Visitor management systems
    - Employee escort requirements
    - Secure disposal procedures
    - Clean desk policies

Practical Exercise: Social Engineering Simulation

🎯 Ethical Social Engineering Assessment (30 minutes)

Mission: Security Awareness Evaluation

Design a comprehensive social engineering assessment for “EduTech Solutions” to evaluate their security awareness and response procedures.

🎓 Target Organization Profile

Company Details:

  • Education technology company (250 employees)
  • Remote and hybrid workforce (60% remote workers)
  • Multiple office locations (headquarters + 3 branch offices)
  • High-value data (student records, financial information)
  • Recent security training completed 6 months ago

Phase 1: Assessment Strategy Design (12 minutes)

Team Task: Multi-Vector Assessment Planning

  1. Digital Social Engineering Vectors

    • Design phishing email campaigns (3 different approaches)
    • Plan vishing (voice phishing) scenarios
    • Create smishing (SMS phishing) messages
    • Develop social media reconnaissance strategy
  2. Physical Social Engineering Assessment

    • Design tailgating/piggybacking scenarios
    • Plan pretexting approaches for office access
    • Create baiting strategies (USB drops, etc.)
    • Develop information gathering techniques

Phase 2: Campaign Development (10 minutes)

Technical Implementation Planning:

  1. Phishing Campaign Design

    • Create email templates for different employee roles
    • Design credential harvesting landing pages
    • Plan multi-stage phishing sequences
    • Develop tracking and analytics approach
  2. Social Engineering Scenarios

    • Script development for voice-based attacks
    • Physical access attempt procedures
    • Pretext development and role-playing
    • Evidence collection and documentation

Phase 3: Ethical Considerations and Reporting (8 minutes)

Professional Assessment Framework:

  1. Ethical Guidelines and Boundaries

    • Define authorized testing scope and limits
    • Create employee protection procedures
    • Establish data handling and privacy protocols
    • Design psychological safety measures
  2. Measurement and Reporting

    • Define success metrics and KPIs
    • Create educational reporting approach
    • Plan remediation training programs
    • Design follow-up assessment procedures

Deliverables:

  • Comprehensive social engineering assessment methodology
  • Multi-vector campaign design with technical specifications
  • Ethical framework and professional conduct guidelines
  • Educational reporting template focused on improvement

Questions & Discussion

🤔 Ethical Reflection Points:

  • How do you balance realistic testing with employee psychological safety?
  • What are the ethical boundaries in social engineering assessments?
  • How can organizations build resilience without creating fear?

💡 Exercise Review

Present your social engineering assessment strategies and discuss ethical approaches.

Thank You!

Next Lecture: Wireless Network Security Testing

Securing the Airwaves

Cyber Security (4353204) - Lecture 29 Complete

The human factor: Security's greatest challenge and opportunity! 🧠🔐
