Standards and References: Social Engineering Pretext Call

MITRE ATT&CK Techniques

  • T1566.004 - Phishing: Voice (Vishing)
  • T1598 - Phishing for Information
  • T1598.003 - Phishing for Information: Spearphishing Voice
  • T1589 - Gather Victim Identity Information
  • T1589.001 - Gather Victim Identity Information: Credentials
  • T1589.002 - Gather Victim Identity Information: Email Addresses
  • T1591 - Gather Victim Org Information
  • T1591.004 - Gather Victim Org Information: Identify Roles
  • T1593 - Search Open Websites/Domains

NIST References

  • NIST SP 800-50 - Building an IT Security Awareness and Training Program
  • NIST SP 800-53 Rev. 5 - AT-2: Literacy Training and Awareness
  • NIST SP 800-53 Rev. 5 - AT-3: Role-Based Training
  • NIST SP 800-115 - Section 3.3: Social Engineering

Legal and Regulatory References

  • Computer Fraud and Abuse Act (CFAA) - Authorization requirements
  • GDPR Article 6 - Lawful basis for processing (if recording EU citizens)
  • State wiretapping laws - One-party vs two-party consent states
  • Telecommunications Act - Caller ID spoofing regulations (47 U.S.C. 227)

Industry Standards

  • PTES - Social Engineering section
  • OSSTMM - Human Security Testing module
  • CREST - Social Engineering guidelines
  • SE Code of Ethics - Social engineering testing ethical standards