I'm performing a penetration test against a company. Part of my social engineering procedure is to contact the IT department and try to convince them to that I'm an employee in the company and get them to reveal some sensitive information including passwords.
How can I make my call more convincing by making it appear as if it came from some employee's phone number?
[This is a hypothetical question, created to preserve my deleted answer on this question]