Anthropic-Cybersecurity-Skills/skills/conducting-social-engineering-pretext-call/references/workflows.md

# Workflows: Social Engineering Pretext Call

## Vishing Campaign Workflow

```
┌─────────────────────────────────────────────────────────────────┐
│              VISHING CAMPAIGN WORKFLOW                            │
├─────────────────────────────────────────────────────────────────┤
│                                                                  │
│  1. AUTHORIZATION & SCOPING                                      │
│     ├── Obtain written authorization                             │
│     ├── Define target list (departments, roles)                  │
│     ├── Define boundaries (no C-suite, no threats)               │
│     ├── Agree on pretext scenarios                               │
│     ├── Confirm call recording legality                          │
│     └── Establish deconfliction process                          │
│                                                                  │
│  2. OSINT RECONNAISSANCE                                         │
│     ├── Employee enumeration (LinkedIn, website)                 │
│     ├── Organizational structure mapping                         │
│     ├── Technology stack identification                          │
│     ├── Internal terminology and process research                │
│     └── Target prioritization                                    │
│                                                                  │
│  3. PRETEXT DEVELOPMENT                                          │
│     ├── Select scenario(s) per target role                       │
│     ├── Draft call scripts with key phrases                      │
│     ├── Prepare objection handling responses                     │
│     ├── Set up caller ID spoofing (authorized)                   │
│     └── Rehearse delivery                                        │
│                                                                  │
│  4. CALL EXECUTION                                               │
│     ├── Execute calls according to schedule                      │
│     ├── Record calls (with legal authorization)                  │
│     ├── Document responses and disclosures                       │
│     ├── Note verification attempts by targets                    │
│     └── Track time-to-disclosure metrics                         │
│                                                                  │
│  5. ANALYSIS & REPORTING                                         │
│     ├── Calculate disclosure rates by department                 │
│     ├── Identify patterns (role, tenure, training)               │
│     ├── Compare against industry benchmarks                      │
│     ├── Generate remediation recommendations                     │
│     └── Present findings to stakeholders                         │
│                                                                  │
└─────────────────────────────────────────────────────────────────┘
```

## Pretext Selection Decision Tree

```
Select Pretext Based on Target Role
│
├── IT/Technical Staff
│   ├── Vendor support call (patch emergency)
│   ├── Cloud provider security alert
│   └── Penetration test notification (meta-pretext)
│
├── Finance/Accounting
│   ├── Wire transfer verification (CEO fraud)
│   ├── Vendor payment update
│   └── Audit compliance request
│
├── HR/Recruiting
│   ├── Benefits enrollment verification
│   ├── Background check follow-up
│   └── Payroll system update
│
├── Executive Assistants
│   ├── Executive impersonation (travel issue)
│   ├── Board meeting preparation
│   └── Urgent document request
│
├── General Employees
│   ├── IT Helpdesk (password reset/VPN update)
│   ├── Facilities (badge system update)
│   └── Survey/research call
│
└── Front Desk/Reception
    ├── Delivery/courier pretext
    ├── Visitor registration
    └── Employee directory request
```