Phishing
Phishing is a social engineering technique that attempts to acquire sensitive information, such as user names, passwords, and credit card information, from a human target. During a phishing attack, a human target receives a bogus e-mail disguised as an authentic e-mail from a trusted source, like a financial institution. The e-mail contains a link to open a fake web page that looks nearly identical to the official site. The style, logo, and images may appear exactly as they are on the real website. If the human target fills out the web form, you can collect the information as evidence.
To set up a phishing attack in Metasploit Pro, you need to create a campaign that contains the following components:
· E-mail component - Defines the content that you want to send in the e-mail body, and the human targets that you want to receive the phishing attack. Each campaign can only contain one e-mail component.
· Web page component - Defines the web page path, the HTML content, and the redirect URL. The web page that you create must contain a form that a human target can use to submit information.
When you run the campaign, Metasploit Pro creates a web server on your local system to host the web page. When a human target clicks on the tracking link and visits the web page, Metasploit Pro records the visit and any information that the human target submits through the web form.