mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-05 23:38:57 +03:00
1.4 KiB
1.4 KiB
Standards and References: Social Engineering Pretext Call
MITRE ATT&CK Techniques
- T1566.004 - Phishing: Voice (Vishing)
- T1598 - Phishing for Information
- T1598.003 - Phishing for Information: Spearphishing Voice
- T1589 - Gather Victim Identity Information
- T1589.001 - Gather Victim Identity Information: Credentials
- T1589.002 - Gather Victim Identity Information: Email Addresses
- T1591 - Gather Victim Org Information
- T1591.004 - Gather Victim Org Information: Identify Roles
- T1593 - Search Open Websites/Domains
NIST References
- NIST SP 800-50 - Building an IT Security Awareness and Training Program
- NIST SP 800-53 Rev. 5 - AT-2: Literacy Training and Awareness
- NIST SP 800-53 Rev. 5 - AT-3: Role-Based Training
- NIST SP 800-115 - Section 3.3: Social Engineering
Legal Frameworks
- Computer Fraud and Abuse Act (CFAA) - Authorization requirements
- GDPR Article 6 - Lawful basis for processing (if recording EU citizens)
- State wiretapping laws - One-party vs two-party consent states
- Telecommunications Act - Caller ID spoofing regulations (47 U.S.C. 227)
Industry Standards
- PTES - Social Engineering section
- OSSTMM - Human Security Testing module
- CREST - Social Engineering guidelines
- SE Code of Ethics - Social engineering testing ethical standards