Employees are usually unaware of the tricks and techniques of social engineering, so they can be used as intermediaries to obtain valuable information, such as credit card information or corporate secrets.
The security of the entire organization can be compromised if an employee visits a malicious website, answers a social engineer's phone call or clicks on a malicious link received in their personal e-mail.
In this guide, we will show you a method for easily sending a fake email with one of the most popular tools, SET (Social Engineering Toolkit).
SET is a product of TrustedSec. SET is a suite of custom tools based on Python and was created by David Kennedy (ReL1K) and his team consisting of JR DePre (pr1me), Joey Furr (j0fer) and Thomas Werth.
SET is an attack framework built around attacks on the human element. With a variety of attacks available, this toolkit is absolutely essential for penetration testing.
SET comes pre-installed on Kali Linux. You can simply run it from the command line by typing "setoolkit".
Once SET is open, all available options will be displayed as shown in the following screenshot:
Select 1) Social-Engineering Attacks to get a list of possible attacks that can be executed.
You can select the attacks you want to perform from a menu that appears as follows:
- 1 Spear-Phishing Attack Vectors
- 2 Website Attack Vectors
- 3 Infectious Media Generator
- 4 Create a Payload and Listener
- 5 Mass Mailer Attacks
- 6 Arduino-Based Attack Vector
- 7 Wireless Access Point Attack Vector
- 8 QRCode Generator Attack Vector
- 9 Powershell Attack Vectors
- 10 SMS Spoofing Attack Vectors
- 11 Third Party Modules
- 99 Return back to the main menu
We'll start with the Mass Mailer Attack. Enter 5 to go to the next menu.
For this example, we'll take a look at the first choice in the list, E-Mail Attack Single Email Address.
Now you need to fill in all the following details as shown below:
- Send email to:
- From address:
- The FROM Name the user will see:
- Username for open-relay:
- Password for open-relay:
- SMTP email server address:
- Port number for the SMTP server:
- Flag this message/s as high priority?:
- Do you want to attach a file:
- Do you want to attach an inline file:
- Email Subject:
- Send the message as html or plain:
- Enter the body of the message, type END when finished:
Here you need an open SMTP relay server, which you can easily get from smtp2go.com by creating a free account. Its SMTP server address will be "mail.smtp2go.com" and the port will be "2525".
This is the result of the fake email we sent from info@iguru.gr via the smtp2go.com open relay server.
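On the receiving side, a From address forged through a third-party relay in this way can often be spotted in the message headers. The following is an added example, not part of the original guide or of SET. It assumes the receiving mail server stamps an Authentication-Results header and that the spoofed domain publishes SPF/DKIM/DMARC; the domains (corp.example, relay.example, recipient.example) and header values are constructed.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample headers (not captured traffic): visible From is
# corp.example, but the envelope sender and DKIM signature belong to a relay.
SPOOFED = """\
Return-Path: <bounce@relay.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=relay.example;
 dkim=pass header.d=relay.example;
 dmarc=fail header.from=corp.example
From: "IT Helpdesk" <info@corp.example>
To: user@recipient.example
Subject: Password reset

Please review the attached file.
"""
# Constructed counterpart sent through the domain's own, aligned infrastructure.
LEGIT = (SPOOFED.replace("bounce@relay.example", "bounce@mail.corp.example")
         .replace("mailfrom=relay.example", "mailfrom=mail.corp.example")
         .replace("header.d=relay.example", "header.d=corp.example")
         .replace("dmarc=fail", "dmarc=pass"))

def domain_of(header_value):
    """Domain part of the address in a From/Return-Path header ('' if absent)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def aligned(a, b):
    """Simplified relaxed alignment: same domain or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def spoof_indicators(raw):
    """Return a list of reasons the message's From address looks forged."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(value), re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    findings = []
    if rp_dom and not aligned(from_dom, rp_dom):
        findings.append("from_returnpath_mismatch")
    if "dmarc" not in verdicts:
        findings.append("no_dmarc_result")
    elif verdicts["dmarc"] != "pass":
        findings.append("dmarc_" + verdicts["dmarc"])
    return findings

if __name__ == "__main__":
    print("spoofed:", spoof_indicators(SPOOFED))
    print("legit:  ", spoof_indicators(LEGIT))
```

Only trust an Authentication-Results header added by your own receiving server, since a sender can insert a forged one. Real relaxed alignment compares organizational domains using the Public Suffix List, which the subdomain check here only approximates.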
In the SMTP2GO.com Application Control Panel, you can even manage all registrations and view all information about fake emails sent from your account as shown below: