Social Engineering via Phishing
In cybersecurity, social engineering is a nightmare as attackers can obtain credentials that allow them to bypass firewalls and intrusion prevention systems. Social engineering refers to gathering confidential information either virtually or in-person via technical or non-technical techniques. This article will focus on social engineered attacks via email aka phishing.
“With phishing, a few cleverly place words coupled to a seemingly legitimate email, can be the vector to gain access to user accounts, and even critical physical locations such as a company’s data center”.
Hacking the Human OS –
In social engineering attackers attempt to manipulate targets via emails, phone calls or various other methods. They can gather vital pieces of information by pretending to be someone of authority and leverage common emotions like worry, curiosity or fear. Attackers may tell you that your account has been compromised, or even ask you to login for a free gift or service. Overall, a high-level of technical skill is not needed.
Social Engineered Attacks using the SET Tool and Phishing Emails
In this attack method, a credible “looking” email is sent to a target carrying a link to a cloned login page. Once the linked is clicked the target is directed to the clone login as soon as the user name and password are entered they are captured by the SET tool. In minutes attackers can captured vital information to access a users account and potentially mount an escalation strategy to wreck havoc on a network or entire system.
Note: As a penetration tester this tool can bring to light vulnerabilities in either email filtering or email encryption. Most often it will reveal the need for employee training and awareness.
“In less than ten minutes an attacker can setup a clone login page and a credential harvester that will collect usernames and passwords“
The attacker will proceed as follows… (or penetration tester)
- Log into Kali Linux –> Navigate to Applications–> Select social engineering toolkit (SET) –> Select Social Engineering attacks–> Select website attack vectors
- Select, Credential Harvester Attack Method. (This method will harvest/capture all information entered into the cloned login fields.) –> select the Site Cloner tool–> then enter the IP address that the harvester will post back to (this IP address where the harvested credentials will be sent) –> next the attacker will be prompted to enter the url that is to be cloned –> This will begin the cloning process via the settoolkit of Kali linux machine.
- After the site is cloned the attacker will send out malicious emails aka the phishing emails.
- Once the target enters their username & password on the cloned login page and clicks login, SET in Kali Linux will fetch the credentials.
- The settoolkit will record the credentials in the terminal window.
Countermeasure…
“Do not login into accounts through links in unexpected emails”
Thank you for Reading!
You must be logged in to post a comment.