Added 2 Pretexts

daggersec · Jun 23, 2018 · 1450240 · 1450240
1 parent 6b28e5d
commit 1450240
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 0 deletions.
diff --git a/Phishing Pretexts/AccountWillBeDeactivated b/Phishing Pretexts/AccountWillBeDeactivated
@@ -0,0 +1,35 @@
+<!-- PRETEXT OVERVIEW:
+Credential capture.
+$service: Technology portal in use by target organization. Even better if that service uses a subscription model.
+$greeting: Good morning/afternoon/evening, etc.
+$firstname: Target first name.
+$organization: Target organization.
+$date: Date by which your phishing campaign will end.
+$evilurl: URL to cloned portal for $service.
+$signature: Append or replace with internal signature if acquired.
+$name: Target first and last name.
+
+Can be sent as [email protected]
+Make sure to setup the inbox so users can reply to this message.
+-->
+<b>Subject: $service Account Deactivation Policy</b>
+<br>
+<br>
+$greeting $firstname,
+<br>
+<br>
+Due to a new $organization policy to save on unused licenses, we are looking to deactivate accounts which aren't being actively used. According to our logs, it seems you haven't logged in to your $organization $service account in over 30 days. If you would like to keep your existing account, please access the portal below before $date. Otherwise, there's no need to do anything else.
+<br>
+<br>
+$evilurl
+<br>
+<br>
+Thank you,
+<br>
+<br>
+$organization IT
+<br>
+$signature
+<br>
+<br>
+<i><small>This is an automated message generated by the $organization $service system intended for $name. For further assistance, please reply directly to this message.</i></small>
diff --git a/Phishing Pretexts/PayrollStateTaxIssue b/Phishing Pretexts/PayrollStateTaxIssue
@@ -0,0 +1,37 @@
+<!-- PRETEXT OVERVIEW:
+Credential capture.
+$greeting: Good morning/afternoon/evening, etc.
+$firstname: Target first name.
+$organization: Target organization.
+$department: Random department within the organization.
+$evilurl: URL to cloned portal for payroll or the VPN.
+$accountingemployee: Employee first name and last name that works in accounting.
+$signature: Append or replace with internal signature if acquired.
+$name: Target first and last name.
+
+Can be sent as [email protected]
+Make sure to setup the inbox so users can reply to this message.
+-->
+<b>Subject: Verify State for Payroll Deductible</b>
+<br>
+<br>
+$greeting $firstname,
+<br>
+<br>
+We've been having a few issues with paystubs not showing employees' correct state for income tax deduction. This has only affected a handful of people from $organization's $department department so far, however we are being cautious with the issue and asking all employees to make the verification. If the correct state is listed, please disregard this message. Otherwise, please let me know so that myself or someone else from accounting can straighten the issue as soon as possible.
+<br>
+<br>
+We apologize for the issues and can assure you that we are working on resolving this as fast as we can.
+<br>
+<br>
+$evilurl
+<br>
+<br>
+Thank you,
+<br>
+<br>
+$accountingemployee
+<br>
+$signature
+<br>
+<br>