The VX-Files
The VX-Files
  • README.txt
  • For updates, questions, suggestions or just chatting: @malcrvz
  • Download your own local copy or check my other libre projects: Github/malcrvz
  • 📕Cybersecurity Theory
    • Index
      • Malware types
        • Viruses, worms and Trojans
        • Backdoors, Rootkits and Spyware
        • Botnets, DDoS and Spammer
        • Ransomware
        • Scareware and Adware/PUP/PUA
        • Downloaders and Launchers
        • Hacktool
        • APT - Advanced Persistent Threat
      • Social engineering techniques
        • Phishing
        • Pretexting
        • Baiting
        • Quid pro quo
        • Tailgating
      • Cryptography
        • Hash functions
        • Symmetric, Asymmetric and Hybrid cryptography
        • Digital signatures & Digital certificates
        • TLS Protocol
      • Pentesting methodology & Techniques
        • CIA Triad - Confidentiality, Integrity & Availability
        • The methodology steps
        • Pre-Engagement
        • Information Gathering
          • HTTP status codes
          • robots.txt
        • Vulnerability Assessment
        • Exploitation
          • Password cracking
        • Post-Exploitation & Persistence
          • Types of Shells
        • Privilege Escalation & Lateral Movement
        • Reporting & Remediation
  • 🐧Linux Essentials
    • Index
      • 1, 0, bits, Bytes: Units of digital information
      • User management
      • Packet management
      • Privileges & sudo
      • Passwd & Shadow files
      • Managing files, links and regex
      • find
      • Terminal/TTY
      • SSH
  • 🪟Windows Essentials
    • Index
      • CLI user management
      • CMD File management
  • 🌍Networking Essentials
    • Index
      • Windows CLI IP management
      • Linux IP management
      • Linux CLI Wi-Fi connection
  • 🕸️Network Pentesting
    • Tools
      • 1. Pre-Engagement
        • OpenVPN
      • 2. Information gathering
        • cURL & wget
        • Nmap
        • arp
        • Netcat
        • whatweb
      • 3. Vulnerability assessment
        • smbclient
      • 4. Exploitation
        • Metasploit
        • Hashcat
        • John the Ripper
      • 5. Post-Exploitation & Persistence
        • SSH
      • 6. Privilege escalation & Lateral movement
        • Possible privilege escalation vectors - Auto-enumeration scripts
      • 7. Reporting & Remediation
    • Techniques
      • Upgrade reverse shell to interactive
      • Transferring files to/from remote victim
      • Possible privilege escalation vectors - Manual checklist
    • Resources
      • Manufacturer default passwords lists
        • IP Cameras
      • Get Shells
  • 💉Web App pentesting
    • Tools
      • CeWL
      • Gobuster
      • whatweb
    • Techniques
      • Command injection
    • Resources
      • Reverse Shells
      • Bind Shells
  • 📡Wireless pentesting
    • Tools
    • Techniques
    • Resources
  • 🔓On-Premises Pentesting
    • Tools
    • Techniques
      • Removing Linux user passwords
      • Removing Windows user passwords
    • Resources
  • 💽Disks & Forensics
    • Index
      • Getting a disk ready
      • Inodes & Sectors
      • Recover deleted files
      • BUILDING - Secure file deletion
  • 🕷️Bash scripts
    • coming soon
  • ⚡PowerShell Scripts
    • coming soon
  • 🟩HTB Walkthroughs
    • coming soon
  • 🏴‍☠️External Resources
    • Schools
    • Books & Wikis
    • Utilities
    • Interactive cheat sheets
    • Wordlists
Powered by GitBook
On this page
  • Tech Support scam
  • CEO Fraud scam
  • Trust scam
  • Job scam
  • Relationship scam AKA Catfishing
  • Charity scam
  • Lottery scam
  1. Cybersecurity Theory
  2. Index
  3. Social engineering techniques

Pretexting

Last updated 1 year ago

A form of social engineering that involves creating a fabricated scenario and assuming a false identity to manipulate individuals into sharing sensitive information or taking unknowingly self-sabotage actions. While it is related to phishing and its usually done in conjunction, pretexting is more centered into tailoring a background story and can be executed through digital or real life mediums. It can even involve actors or voice actors.

Tech Support scam

Bad actors pass as a tech support personnel, faking some problem on the system or network using urgency and fear manipulation to trick the victim.

CEO Fraud scam

Bad actors impersonate the CEO of the company to exert pressure and instill fear into the idea of refusing to collaborate even if its still a strange petition.

Trust scam

Bad actors impersonate any trusted medium of the victim, so its guard is down.

Job scam

Bad actors impersonate hiring personnel with fake job offers to, probably in need, victims that will comply easily into giving away data or directly money in promise of job opportunity.

Relationship scam AKA Catfishing

Bad actors create a fake online persona, to deceive and manipulate individuals into a fake relationship. This scam gained popularity with the rise of online dating and social media. The goal is to gain the trust of the victim with fake promises and words of love, then asking for money with some sort of fabricated dire situation. Fake profiles can be done with minimal effort, be run by bots and be spammed all over the internet or be thorough and tailored to the interests of a particular victim. I can recommend a YouTube channel that investigates real cases of catfishing, .

Charity scam

Bad actors impersonate as a charity group using emotional manipulation to trick victims into giving away money to fake entities or recollect personal data.

Lottery scam

Bad actors impersonate a fake lottery organization and manipulate the victims into believing they won a prize, using this premise to ask for money in order to reclaim it or requesting personal information. Try will create a sense of urgency and excitement to cloud the judgement of the victims.

📕
link