Social Engineering Attacks Using Linux Tools

What is Social Engineering?
Social engineering is the major type of hacking and it does not involve technical defects. The aim is to make an account holder disclose his password or some personal information or any other sensitive information.

Common Types of Social Engineering Attacks

1. Phishing: Phishing emails try to legitimize themselves in order to force users part with their credentials or other valuable information.
2. Pretexting: The attacker has to assume an illusion in order to obtain the information.
3. Baiting: Seduces people into downloading so-called ‘useful’ items, such as free software, while infecting the PC with malware.
4. Tailgating: A stranger gets into a restricted area by trailing a person who has authorization to get into the restricted area.

Using Linux Tools for Social Engineering

Linux has many effective instruments for conducting social engineering attacks: for example, the Social Engineering Toolkit (SET). Through social engineering post exploitation attack vector, SET provides a way to launch different attacks such as phishing through the creation of believable fake websites or services.

How SET Works:

1. Install SET: LDM can be found in most Linux distribution with a special note that it is in almost all security distributions especially Kali Linux.
2. Launch SET: To use the toolkit, open the terminal on the Kali Linux and enter ‘sudo setoolkit’.
3. Select Attack Method: Select from multiple types of social engineering attacks for instance, phish, or credential buzzing.
4. Create the Attack: SET use ‘self-disguised’ techniques of creating look alike website or sending a phishing email to elicit sensitive details.