TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Black Hills InfoSec

How to Design and Execute Effective Social Engineering Attacks by Phone

BHIS · 2025-06-18 · Read original ↗

ATT&CK techniques detected

24 predictions
T1589.001Credentials
63%
". these names can then be morphed to resemble typical username format and later tested against services like microsoft 365 or other systems to see if they might be valid. trust me, you ’ re going to want usernames if you plan on going after external assets, vpns, or cloud environ…"
T1566.004Spearphishing Voice
63%
"number that our security team has assigned to you for the reset to take place. please open up your authenticator app and enter 56. ” - * employee enters 56. * - * tester resets password. * - microsoft sspr can also display security questions belonging to the target user. during a…"
T1684.001Impersonation
62%
"number that our security team has assigned to you for the reset to take place. please open up your authenticator app and enter 56. ” - * employee enters 56. * - * tester resets password. * - microsoft sspr can also display security questions belonging to the target user. during a…"
T1589Gather Victim Identity Information
61%
"see how information obtained passively can further empower social engineering efforts. active recon : warming up the lines now it ’ s time to make some calls. these calls are designed to elicit additional information and can also serve as a nice “ warm - up ” for the calls made w…"
T1589Gather Victim Identity Information
60%
"##er number and not your real one. i highly recommend calling yourself with whatever service you decide to use first. that way you can get accustomed to the tools and operate smoothly during your test. reconnaissance : the art of knowing your prey as with any test involving recon…"
T1598.004Spearphishing Voice
58%
"part of this section, i ’ ve detailed some ruses that i find to be particularly effective within corporate environments. unlike the ruses briefly shown in the active recon section above, these are designed to attack and compromise users. - compromise : manager contact hijack - ta…"
T1566.004Spearphishing Voice
51%
"part of this section, i ’ ve detailed some ruses that i find to be particularly effective within corporate environments. unlike the ruses briefly shown in the active recon section above, these are designed to attack and compromise users. - compromise : manager contact hijack - ta…"
T1598Phishing for Information
48%
", which focuses on exploiting technical vulnerabilities, social engineering targets the human element. and believe me : there is no blanket patch for the human populace. in this blog, we ’ ll explore the different phases of a social engineering penetration test. we will examine h…"
T1684.001Impersonation
46%
"part of this section, i ’ ve detailed some ruses that i find to be particularly effective within corporate environments. unlike the ruses briefly shown in the active recon section above, these are designed to attack and compromise users. - compromise : manager contact hijack - ta…"
T1598Phishing for Information
40%
"handbook ”. intext : ” @ example. com ” it sometimes people are happy to post information about their help desk on the public - facing internet. queries like “ it, ” “ service desk, ” “ helpdesk, ” or “ help desk ” can quickly pull out valuable data. google image / maps search se…"
T1589Gather Victim Identity Information
40%
"handbook ”. intext : ” @ example. com ” it sometimes people are happy to post information about their help desk on the public - facing internet. queries like “ it, ” “ service desk, ” “ helpdesk, ” or “ help desk ” can quickly pull out valuable data. google image / maps search se…"
T1598.001Spearphishing Service
40%
"part of this section, i ’ ve detailed some ruses that i find to be particularly effective within corporate environments. unlike the ruses briefly shown in the active recon section above, these are designed to attack and compromise users. - compromise : manager contact hijack - ta…"
T1598Phishing for Information
39%
". everybody gets a new phone. everybody needs help with something. everybody has a busy task that needs to be completed quickly. - conveys the following emotions or feelings : - authority : pose as someone with clout ( it, hr ) or urgency ( a vip customer ). people hesitate to ch…"
T1598Phishing for Information
39%
"exist that can offer up contact information from employees. when conducting a blind social engineering test, the client may not give you access to phone numbers and websites. social media sweep social media is great, and sometimes people just love to overshare. i ’ ve included so…"
T1589Gather Victim Identity Information
38%
"exist that can offer up contact information from employees. when conducting a blind social engineering test, the client may not give you access to phone numbers and websites. social media sweep social media is great, and sometimes people just love to overshare. i ’ ve included so…"
T1598.004Spearphishing Voice
37%
"number that our security team has assigned to you for the reset to take place. please open up your authenticator app and enter 56. ” - * employee enters 56. * - * tester resets password. * - microsoft sspr can also display security questions belonging to the target user. during a…"
T1684.001Impersonation
37%
"hi, i ’ m an employee who forgot my id number. is this hr? ” - help desk number : “ i forgot my password ; is this the right place to call for help with my computer? ” - random numbers : dial extensions and play confused : “ i need help with my password / changing my contact info…"
T1598.004Spearphishing Voice
37%
"you are mid - attack. to help with this, i generally take screenshots of every single instance where my browser changes as i navigate the environment and i immediately save it with a cool tool called greenshot, which lets you immediately save captures to an output directory. afte…"
T1589Gather Victim Identity Information
34%
"test is almost always google dorking. for those who may be unaware, google dorking refers to a technique that involves entering unique search parameters into google in order to provide highly fine - tuned results. these results may be employee usernames and email addresses or sen…"
T1566Phishing
34%
"how to design and execute effective social engineering attacks by phone how to design and execute effective social engineering attacks by phone john malone is a penetration tester for black hills information security. he regularly performs external, internal, and social engineeri…"
T1598Phishing for Information
34%
"order to captivate someone. - embody the role : mentally become the it guy or hr rep. confidence flows from belief. if you are posing as an it security person who is rushing to reach out to employees, your tone of voice should encompass a sense of command and expertise. you shoul…"
T1598.004Spearphishing Voice
32%
"handbook ”. intext : ” @ example. com ” it sometimes people are happy to post information about their help desk on the public - facing internet. queries like “ it, ” “ service desk, ” “ helpdesk, ” or “ help desk ” can quickly pull out valuable data. google image / maps search se…"
T1098Account Manipulation
31%
"not worth the payoff unless you are truly out of options. microsoft self - service password reset ( sspr ) visit https : / / aka. ms / sspr and plug in a target ’ s username. if the organization allows for users to reset their own password, you ’ ll get the option to reset creden…"
T1684.001Impersonation
30%
". everybody gets a new phone. everybody needs help with something. everybody has a busy task that needs to be completed quickly. - conveys the following emotions or feelings : - authority : pose as someone with clout ( it, hr ) or urgency ( a vip customer ). people hesitate to ch…"

Summary

How to Design and Execute Effective Social Engineering Attacks by Phone

Social engineering is the manipulation of individuals into divulging confidential information, granting unauthorized access, or performing actions that benefit the attacker, all without the victim realizing they are being tricked.

The post How to Design and Execute Effective Social Engineering Attacks by Phone appeared first on Black Hills Information Security, Inc..