Tips and Tricks
- Send password protected documents.
- Send links instead of attachments, S3 buckets and Azure blobs are a good choice.
- Avoid built-in document viewers.
- Unleash your inner sociopath, provide compliments and play with their emotions.
- Assume worst case scenario.
- Start a conversation with the victim before ending your malicious document.
- Leverage current events for a good pretext.
- clone internal email signatures and spoof phone numbers, following the standard email template for a company can really lure people in.
- Make your document phone back home whenever opened to have a better sense of idea of what went wrong if you encounter some failure.
Last modified 1yr ago