forked from L4bF0x/PhishingPretexts
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
69 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| <!-- PRETEXT OVERVIEW: | ||
| Credential capture. | ||
| $service: Technology portal in use by target organization. | ||
| $greeting: Good morning/afternoon/evening, etc. | ||
| $firstname: Target first name. | ||
| $organization: Target organization. | ||
| $evilreactivationurl: URL to cloned portal that looks like a reactivation link. | ||
| $signature: Append or replace with internal signature if acquired. | ||
| $name: Target first and last name. | ||
| Make sure to setup the inbox so users can reply to this message. | ||
| --> | ||
| <b>Subject: Your $service Account Has Been Locked</b> | ||
| <br> | ||
| <br> | ||
| $greeting $firstname, | ||
| <br> | ||
| <br> | ||
| We are e-mailing you regarding your $organization $service account, which has been automatically locked due to inactivity for security purposes. To avoid service interruption, make sure to access the $service portal within the next 24 hours via this reactivation link: | ||
| <br> | ||
| <br> | ||
| $evilreactivationurl | ||
| <br> | ||
| <br> | ||
| Thank you, | ||
| <br> | ||
| <br> | ||
| $organization IT Team | ||
| <br> | ||
| $signature | ||
| <br> | ||
| <br> | ||
| <i><small>This is an automated message generated by the $organization $service system intended for $name. For further assistance, please reply directly to this message.</i></small> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| <!-- PRETEXT OVERVIEW: | ||
| Credential capture. | ||
| $greeting: Good morning/afternoon/evening, etc. | ||
| $firstname: Target first name. | ||
| $organization: Target organization. | ||
| $evilurl: URL to cloned vpn or benefits portal. | ||
| $hremployee: Name of HR employee. | ||
| $evildomain: Spoofed domain. | ||
| $signature: Append or replace with internal signature if acquired. | ||
| $name: Target first and last name. | ||
| Most successful when used between Jan - End of March | ||
| **PLOT TWIST:** Can be used on new employees! Just change "2018" in the subject to "New Employee" and "Here's to a productive 2018!" to "Welcome aboard!" >:-) | ||
| --> | ||
| <b>Subject: Confirmation Required for 2018 Benefits</b> | ||
| <br> | ||
| <br> | ||
| $greeting $firstname, | ||
| <br> | ||
| <br> | ||
| We are still awaiting on confirmation of your 2018 $organization Employee Benefits Package. Please login to review and acknowledge this year's benefits. | ||
| <br> | ||
| <br> | ||
| $evilurl | ||
| <br> | ||
| <br> | ||
| Should you have any questions, please don't hesitate to reach out to $hremployee@$evildomain. | ||
| <br> | ||
| <br> | ||
| Here's to a productive 2018! | ||
| <br> | ||
| <br> | ||
| $hremployee | ||
| <br> | ||
| $signature |