About Social Engineering

Social engineering is a method of attack that typically uses a delivery tool, like e-mail or a USB key, to induce a target to share sensitive information or to perform an action that enables an attacker to compromise the system. You perform social engineering tests to gauge how well the members of an organization adhere to security policies or to identify the security vulnerabilities created by people and processes in an organization.
In Metasploit Pro, you create and run campaigns to perform social engineering attacks. A campaign contains the e-mails, web pages, and portable files that you need to run a social engineering attack against a group of human targets. You can set up campaigns to perform phishing attacks, launch client-side exploits, run Java signed applets, generate executables for USB key drops, and send out e-mails with malicious attachments.
The campaign tracks the number of human targets that fall victim to the attack and presents the results in a social engineering report. You can read the report to review the metrics for the campaign, learn about remediation recommendations, and determine the effectiveness of the campaign. Additionally, the campaign page shows real-time statistics that provide you with a high-level overview of the campaign results. For example, you can view the number of recipients who opened the e-mail or filled out the web form in a phishing campaign.
The data that you gather from a social engineering campaign can help paint a clearer picture of the risks and vulnerabilities that exist in an organization and its security infrastructure. An organization can leverage the test results to improve its security posture and increase security awareness.