“Man without tools is animal and with tools he is everything”. To this day, the quote applies to every field in which man has set foot. Man has created tools to make every small job easier and quicker.

Now we have a tool for social engineering too. This new tool is called the Social-Engineer Toolkit (SET for short), and it aims to automate social engineering attacks through mass email and web attacks. Within a few steps, an attacker can launch smart attacks with a high chance of success. SET works on top of Metasploit, a popular penetration testing framework, using its exploit payloads and launch pad.

To demonstrate its effectiveness, Nishant has created this video, which shows how easy it is to launch such a social engineering attack with high returns 🙂

In this video, the attacker uses SET to send victims emails that contain a malicious PDF attachment and a tiny URL pointing to a malicious link. Once the victim opens the PDF document, it automatically connects back to the attacker’s machine, giving full access to the victim’s system. If the victim is too lazy to open the PDF document (he is a human being too), he will still be curious enough to open the malicious URL, which is obscured by the tiny URL, leading to a successful attack.
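Seen from the mail gateway, the message described above has two checkable traits: a PDF attachment and a shortened link. The following Python triage function is an added example, not code from the original post or from SET; the shortener list, the PDF key list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Illustrative shortener list (assumption); extend it from your own mail logs.
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co", "goo.gl", "is.gd"}
# PDF keys that run something when the file is opened. Plain substring search:
# hex-escaped names or compressed object streams need a real PDF parser.
ACTIVE_PDF_KEYS = (b"/OpenAction", b"/JavaScript", b"/Launch")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if part.get_content_maintype() == "text" and not name:
            for url in URL_RE.findall(part.get_content()):
                host = (urlparse(url).hostname or "").lower()
                host = host[4:] if host.startswith("www.") else host
                if host in SHORTENERS:
                    findings.append("shortened-url:" + host)
            continue
        data = part.get_payload(decode=True) or b""
        if data.startswith(b"%PDF-") or name.endswith(".pdf"):
            findings.append("pdf-attachment")
            findings += ["pdf-active-content:" + k.decode() for k in ACTIVE_PDF_KEYS if k in data]
    return findings

def sample_message():
    """Constructed sample: harmless stub PDF plus a shortener link (placeholder path)."""
    m = EmailMessage()
    m["From"] = "it-support@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Updated policy document"
    m.set_content("Please review the attached file or see http://tinyurl.com/EXAMPLE today.")
    pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n%%EOF\n"
    m.add_attachment(pdf, maintype="application", subtype="pdf", filename="policy.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```

A message that trips both the attachment and the shortened-link checks is a good candidate for quarantine and for expanding the short URL in a sandbox before delivery.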

At the end of the day, there is always a Zero Day because of Human Stupidity…!