# Tips and Tricks

* Send password protected documents.
* Send links instead of attachments, S3 buckets and Azure blobs are a good choice.
* Avoid built-in document viewers.
* Unleash your inner sociopath, provide compliments and play with their emotions.
* Assume worst case scenario.
* Start a conversation with the victim before ending your malicious document.
* Leverage current events for a good pretext.
* clone internal email signatures and spoof phone numbers, following the standard email template for a company can really lure people in.
* Make your document phone back home whenever opened to have a better sense of idea of what went wrong if you encounter some failure.