Klementinus Kennyvito Salim

Social engineering is the act of manipulating people so they give up confidential information. These information could be in the form of bank account information, website passwords, and other sensitive information.

There are a lot of methods to do Social Engineering, and even a phone call can get sensitive information. In this example, we will use setoolkit in kali linux, which is social engineering tool kit. We will be cloning a website that looks similar to the real website in an attempt to get the user to input their account credentials.

To start, open kali linux terminal, and type ‘setoolkit and choose the option number 1.

Then , choose option number 2.

Then, choose option number 3.

Then, choose option number 2.

Next, enter the IP address of the attacking virtual machine. IP address can be found by using ifconfig command. Then, enter the website you want to clone, in which in this example is https://facebook.com/

Next, a clone of facebook.com will be shown and displayed via the IP address. If you type the IP address in the virtual machine now, a clone website of facebook.com will appear.

If you input email and password and submit, the credentials will be shown on your kali linux terminal.

This is an example of the website attack vector, part of the social engineering attack. Users who visit this cloned website will not be aware and assume this is the real website, and input their credentials, not knowing that it will be sent to attackers.