https://github.com/yogsec/social-engineering-tactics

Social Engineering Tactics contains real-world social engineering tactics used for manipulation, persuasion, and deception. Stay aware and stay secure!
https://github.com/yogsec/social-engineering-tactics

bugbounty cyber-security cyber-security-tool cybersecurity cybersecurity-tools ethical-hacking hacking hacking-tools set set-toolkit social-engineering social-engineering-and-phishing-attacks social-engineering-attacks social-engineering-phrases social-engineering-tactics social-engineering-techniques social-engineering-toolkit social-engineering-tools

Last synced: 28 days ago
JSON representation

Social Engineering Tactics contains real-world social engineering tactics used for manipulation, persuasion, and deception. Stay aware and stay secure!

• Host: GitHub
• URL: https://github.com/yogsec/social-engineering-tactics
• Owner: yogsec
• License: mit
• Created: 2025-03-13T17:30:59.000Z (12 months ago)
• Default Branch: main
• Last Pushed: 2025-03-31T20:05:50.000Z (11 months ago)
• Last Synced: 2025-03-31T21:23:05.510Z (11 months ago)
• Topics: bugbounty, cyber-security, cyber-security-tool, cybersecurity, cybersecurity-tools, ethical-hacking, hacking, hacking-tools, set, set-toolkit, social-engineering, social-engineering-and-phishing-attacks, social-engineering-attacks, social-engineering-phrases, social-engineering-tactics, social-engineering-techniques, social-engineering-toolkit, social-engineering-tools
• Homepage: https://linktr.ee/yogsec
• Size: 18.6 KB
• Stars: 29
• Watchers: 1
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE

Awesome Lists containing this project

README

          
# Social Engineering Tactics

Welcome to the **Social Engineering Tactics** repository! This repo. contains ** real-world social engineering tactics** used for **manipulation, persuasion, and deception**. Stay aware and stay secure!

![social engineering tactics list](https://media1.giphy.com/media/v1.Y2lkPTc5MGI3NjExOTcwdTMyem01YTJxaG5yM2I0bGNkOXEweDFuenR6aXI0dmFlNjd1dSZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/mSXSC0vivvygw/giphy.gif)



      

  

  

  

  

  

    

  



---

## 📌 Categories of Social Engineering

- **Psychological Manipulation** 🧠

- **Building Trust & Rapport** 🤝

- **Elicitation Techniques** 🎯

- **Impersonation & Pretexting** 🎭

- **Persuasion Tactics** 🏆

- **Digital Social Engineering** 🌐

- **Physical Social Engineering** 🏢

- **Advanced Social Engineering** 🚨

---

## 🧠 Psychological Manipulation Tactics

1. **Reciprocity Pressure** – "Here’s a free sample, now could you buy something?"

2. **Authority Influence** – "The CEO asked me to collect this data from you."

3. **Social Proof Manipulation** – "Everyone else has done it—why not you?"

4. **Scarcity Effect** – "Only 2 spots left! Hurry!"

5. **Commitment & Consistency** – "You signed up for a free trial, why not the full plan?"

6. **Urgency Triggers** – "Act now before it’s too late!"

7. **Fear-Based Persuasion** – "If you don’t update now, you’ll lose your account."

8. **Guilt-Inducing Requests** – "I helped you before, can’t you return the favor?"

9. **Exploiting Sympathy** – "I lost my wallet, can you lend me money?"

10. **False Sense of Obligation** – "You’re my best friend; I know you’ll help me out."

---

## 🤝 Building Trust & Rapport

11. **Mirroring & Matching** – Copying someone’s gestures to seem relatable.

12. **Compliment-Based Influence** – "You’re amazing at this! Can you help me?"

13. **Artificial Common Interests** – "Oh, you love photography too? So do I!"

14. **Using Humor to Disarm** – Joking before making a request.

15. **Strategic Name-Dropping** – "John said you’re the best person to ask."

16. **Fake Shared Experiences** – "I remember you from that event last year!"

17. **Using Authority Figures** – "Your boss recommended I reach out."

18. **Selective Vulnerability** – "I’m new here, could you guide me?"

19. **Forced Familiarity** – Acting as if you already know someone.

20. **Using Social Media Info** – "I loved your recent post on LinkedIn!"

---

## 🎯 Elicitation Techniques

21. **Open-Ended Questioning** – "How do you handle password resets?"

22. **False Confession Baiting** – "I already know, but I need confirmation."

23. **Strategic Pauses** – Staying silent to make the other person talk.

24. **Flattery for Disclosure** – "You know so much about this, tell me more!"

25. **Fake Confidentiality** – "Just between us, how does your system work?"

26. **Reverse Psychology** – "You probably don’t have access to this, right?"

27. **Implying False Info** – "Your office is on the 3rd floor, right?"

28. **Playing Dumb** – "I don’t understand, can you explain in detail?"

29. **Fake Surveys for Data** – "Take our quick security survey for a reward!"

30. **Gossiping to Extract Info** – "I heard something about a new project… do you know anything?"

---

## 🎭 Impersonation & Pretexting

31. **Posing as IT Support** – "We need your login details to fix an issue."

32. **Pretending to Be Lost** – "Hey, do you work here? Can you show me around?"

33. **Impersonating an Authority** – "I’m from corporate security; I need access."

34. **Calling as a “New Employee”** – "Hey, I’m new. What’s the WiFi password?"

35. **Acting as a Delivery Person** – "I have a package for the manager—can I drop it off inside?"

36. **Fake Job Offers** – "We’d like to hire you; just send us your ID and bank details."

37. **Acting as a Journalist** – "I’m writing an article—can you share internal details?"

38. **Fake Emergency Situations** – "Your account is compromised! Confirm details now."

39. **Pretending to Be an Old Friend** – "Hey, remember me from high school?"

40. **Fake Customer Complaints** – "I need my order details; can you verify my account info?"

---

## 🌐 Digital Social Engineering

51. **Fake Phishing Emails** – "Your password is expiring, reset now!"

52. **Social Media Manipulation** – Pretending to be someone else online.

53. **Fake Online Contests** – "Win a prize! Enter your details."

54. **Creating False LinkedIn Job Offers** – "We have an open position; send us your CV."

55. **Fake Friend Requests** – Adding someone to gain personal details.

---

## 🏢 Physical Social Engineering

61. **Tailgating into Secure Locations** – Following someone through a door.

62. **Dumpster Diving for Data** – Looking through trash for useful info.

63. **Shoulder Surfing for Passwords** – Watching someone type their password.

64. **Posing as Maintenance Staff** – "I need to fix the WiFi in your office."

65. **Using Fake IDs for Entry** – Showing a fake badge to enter.

---

## 🚨 Advanced Social Engineering

71. **Fake Police or Government Calls** – "This is the IRS. We need your details."

72. **Fake HR Emails** – "Update your employee records here."

73. **Fake LinkedIn Recruiter Messages** – "We have a job opening for you!"

74. **Fake Bank Calls** – "We detected suspicious activity—verify your info."

75. **Fake Social Media Giveaways** – "You’ve won! Enter your details here."

---

## 🛡️ How to Defend Against Social Engineering

- **Always verify identities** before sharing information.

- Be skeptical of **urgent** or **emotionally charged** requests.

- Use **multi-factor authentication (MFA)** to protect accounts.

- **Limit social media sharing** of personal details.

- Train employees & teams on **security awareness**.