Social engineering can be broadly defined as a process of extracting sensitive information (such as usernames and passwords) by trickery. Hackers sometimes use fake websites and phishing attacks for this purpose. Let us try to understand the concept of Social Engineering attacks through some examples.

You must have noticed old company documents being thrown into dustbins as garbage. These documents might contain sensitive information such as Names, Phone Numbers, Account Numbers, Social Security Numbers, Addresses, etc. Many companies still use carbon paper in their fax machines and once the roll is over, its carbon goes into the dustbin, which may have traces of sensitive data. Although it sounds improbable, attackers can easily retrieve information from the company dumpsters by pilfering through the garbage.

Example 2

An attacker may befriend a company employee and establish a good relationship with him over a period of time. This relationship can be established online through social networks, chat rooms, or offline at a coffee table, in a playground, or through any other means. The attacker takes the office personnel into confidence and finally digs out the required sensitive information without giving a clue.

Example 3

A social engineer may pretend to be an employee or a valid user or a VIP by faking an identification card or simply by convincing employees of his position in the company. Such an attacker can gain physical access to restricted areas, thus providing further opportunities for attacks.

It happens in most cases that an attacker might be around you and can shoulder-surf while you are typing sensitive information like user ID and password, account PIN, etc.

In this section, we will discuss how you can initiate a Social Engineering attack using Metasploit.

First of all, go to the Home page of Metasploit and click Phishing Campaign, as shown in the following screenshot.

Enter the name of the project and click Next.

Enter the name of the campaign. Next, click the E-mail icon under Campaign Components.

On the next screen, you need to supply the requested data according to your campaign.

Next, click the Content icon (number 2) if you want to change anything in the content of the email.

Next, click the Landing Page icon to set the URLs where you want to redirect your tricked users.

As shown in the following screenshot, enter the URL at Path and click Next.

On the next screen, click the button Clone Website which will open another window. Here, you need to enter the website that you want to clone. As you can see in the following screenshot, we entered in this field. Next, click the Clone button and save your changes.

Click Next and you will get to see the following screen.

You can click the Clone Website button to clone the redirected website again.

Next, in the Server Configuration section, click the E-mail Server button.