Let’s Harvest Sensitive Credentials Using Spam Mails

What is a social engineering attack?

Social engineering is the art of manipulating people into giving out credentials.

What is Credential Harvesting?

Credential harvesting is a technique commonly used by hackers to obtain user credentials, for example by launching MITM attacks or phishing, in order to access sensitive data. Depending on whose passwords are exploited and whether the hacker plans to monetize the stolen data, password mining attacks take many forms. A typical type of attack, “credential stuffing,” attempts thousands of username/password combinations in fast succession. Other attacks rely on credentials “skimmed” from compromised websites. Among the most prevalent credential harvesting attack types is a phishing email that entices the victim to click a hyperlink leading to a phony login page for a famous service that the victim is known to use or might use (e.g., Dropbox or Office 365).

What is Spam Mail?

Spam is unsolicited and unwanted junk email sent out in bulk to an indiscriminate user list. Spam is usually sent for commercial purposes. It can be transmitted in massive volumes by botnets, networks of infected computers. While it is viewed as unethical by some individuals, many companies still use spam. The cost per email is incredibly low, and companies can consistently send out mass quantities. Spam email can also be a malicious attempt to gain access to your computer. Spam email can be dangerous. It can include malicious links that can infect your computer [as we do in this activity]. Do not click links in spam. Dangerous spam emails often sound urgent, so you feel the need to act. Keep reading to learn about some of the basic spam types.

The Trouble-Maker: SEToolkit [Social-Engineer Toolkit]

The Social-Engineer Toolkit (SET) was developed and written by Dave Kennedy, the founder of TrustedSec. It is an open-source Python-driven platform aimed at penetration testing around Social-Engineering.
