Employees are usually not aware of social engineering tricks and techniques, so they can be used as intermediaries to obtain valuable information such as credit card details or company secrets.
The security of the entire organization can be compromised if an employee visits a malicious website, answers a social engineer's phone call, or clicks on a malicious link received in their personal e-mail.
In this guide, we will show you a method through which you can easily send a fake email with one of the most popular tools, called SET (Social-Engineer Toolkit).
SET is a product of TrustedSec. SET is a Python-based custom tool suite created by David Kennedy (ReL1K) and his team, consisting of JR DePre (pr1me), Joey Furr (j0fer) and Thomas Werth.
SET is an attack framework built around attacks on the human element. With a variety of attacks available, this toolkit is absolutely essential for penetration testing.
SET comes pre-installed on Kali Linux. You can simply run it from the command line by typing "setoolkit".
Once SET is open, all available options are displayed.
Select 1) Social-Engineering Attacks to get a list of possible attacks that can be executed.
You can select the attacks you want to perform from a menu that appears as follows:
- 1 Spear-Phishing Attack Vectors
- 2 Website Attack Vectors
- 3 Infectious Media Generator
- 4 Create a Payload and Listener
- 5 Mass Mailer Attacks
- 6 Arduino-Based Attack Vector
- 7 Wireless Access Point Attack Vector
- 8 QRCode Generator Attack Vector
- 9 Powershell Attack Vectors
- 10 SMS Spoofing Attack Vectors
- 11 Third Party Modules
- 99 Return back to the main menu
We'll start with Mass Mailer Attack. Enter 5 to go to the next menu.
For this example, we will take a look at the first option in the list, E-Mail Attack Single Email Address.
Now you need to fill in all the following details as shown below:
- Send email to:
- From address:
- The FROM Name the user will see:
- Username for open-relay:
- Password for open-relay:
- SMTP email server address:
- Port number for the SMTP server:
- Flag this message/s as high priority?:
- Do you want to attach a file:
- Do you want to attach an inline file:
- Email Subject:
- Send the message as html or plain:
- Enter the body of the message, type END when finished:
Here you need an open SMTP relay server, which you can easily get by creating a free account at smtp2go.com; its SMTP server address will be "mail.smtp2go.com" and the port will be "2525".
This is the result of the fake email we sent from info@iguru.gr via the smtp2go.com open relay server.
In the SMTP2GO.com Application Control Panel, you can even manage all registrations and view all the information about fake emails sent from your account.
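On the receiving side, a message relayed through a third-party service with a From address the relay is not authorised for shows up as a mismatch between the visible From domain and the domains that actually passed SPF and DKIM. The following is an added example, not part of the original guide or of SET: a header check a mail defender could run, where the sample messages, the domains and the `authserv_id` value are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From claims example.org, but the message was
# submitted through an unrelated relay (relay.example.net). All names are made up.
SPOOFED = (
    "Return-Path: <bounce-123@relay.example.net>\n"
    "Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=relay.example.net;\n"
    " dkim=pass header.d=relay.example.net; dmarc=fail header.from=example.org\n"
    'From: "Info Desk" <info@example.org>\n'
    "Subject: Account verification\n\nPlease review.\n"
)
# Constructed sample: the same sender using its own authorised infrastructure.
LEGIT = (
    "Return-Path: <bounce@mail.example.org>\n"
    "Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mail.example.org;\n"
    " dkim=pass header.d=example.org; dmarc=pass header.from=example.org\n"
    "From: info@example.org\nSubject: Newsletter\n\nHello.\n"
)

def domain(addr):
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def aligned(a, b):
    # Simplified relaxed alignment: equal, or one is a subdomain of the other.
    # A production check would compare organizational domains via the Public Suffix List.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def analyze(raw, authserv_id="mx.recipient.example"):
    """Return a list of spoofing indicators found in the raw message headers."""
    msg = message_from_string(raw)
    from_dom = domain(msg.get("From", ""))
    rp_dom = domain(msg.get("Return-Path", ""))
    # Trust only results stamped by our own MTA; a sender can forge this header.
    ar = " ".join(re.sub(r"\s+", " ", h) for h in msg.get_all("Authentication-Results", [])
                  if h.strip().lower().startswith(authserv_id + ";"))
    verdict = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar))
    dkim_doms = [d.lower() for d in re.findall(r"header\.d=([\w.-]+)", ar)]
    findings = []
    if rp_dom and not aligned(from_dom, rp_dom):
        findings.append("envelope-mismatch")
    if verdict.get("dkim") != "pass" or not any(aligned(from_dom, d) for d in dkim_doms):
        findings.append("dkim-unaligned")
    if verdict.get("dmarc") != "pass":
        findings.append("dmarc-" + verdict.get("dmarc", "none"))
    return findings

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, analyze(raw) or "no indicators")
```

Note that SPF passes in the spoofed sample: the relay is authorised for its own envelope domain, which is why alignment with the From domain, not the raw SPF result, is the signal to check.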