How a Phishing Campaign Works

When a phishing campaign starts, Metasploit Pro sends the e-mail to the target list through your mail transfer agent (MTA). The e-mail contains a tracking GIF that detects when a human target opens the e-mail. If the human target clicks on the link in the e-mail, the tracking GIF sets a cookie, or unique identifier, that enables the campaign to track the actions of the human target. The unique identifier prevents Metasploit Pro from capturing duplicate data for the same human target.
To serve the web page, Metasploit Pro starts a web server on your local system. The web server address is based on the local system’s IP address or host name. If you have DNS set up, you can specify the domain name instead. For example, if you are running Metasploit Pro on 192.168.182.6, the human target will see the web page URL as 192.168.182.6/landing_page?d=uniquetrackingstring.
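From the defender's side, the per-recipient identifier in the `d` parameter described above is visible in web proxy logs. The following is an added example, not Metasploit Pro code; the log records, the function name and the `min_users` threshold are constructed assumptions. It reports endpoints where every user presents a different value for the same query parameter, counting repeat visits once.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed proxy log records (user, requested URL); not real data.
SAMPLE_LOG = [
    ("alice", "http://192.168.182.6/landing_page?d=a1f3c9"),
    ("bob",   "http://192.168.182.6/landing_page?d=7be204"),
    ("bob",   "http://192.168.182.6/landing_page?d=7be204"),  # repeat visit
    ("carol", "http://192.168.182.6/landing_page?d=c55d1e"),
    ("alice", "http://intranet.example/wiki?page=home"),
    ("bob",   "http://intranet.example/wiki?page=home"),
    ("dave",  "http://10.0.0.9/status?v=1"),
    ("erin",  "http://10.0.0.9/status?v=1"),
]


def is_ip_literal(host):
    """True when the URL host is a bare IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_tracked_landing_pages(records, min_users=3):
    """Flag (host, path, param) endpoints where each user sends a distinct value.

    Heuristic only: legitimate per-user tokens (session ids, unsubscribe
    links) match too, so treat a finding as a lead for triage.
    """
    seen = defaultdict(lambda: defaultdict(set))  # endpoint -> value -> users
    for user, url in records:
        parts = urlsplit(url)
        host = parts.hostname or ""
        for name, value in parse_qsl(parts.query):
            seen[(host, parts.path, name)][value].add(user)

    findings = {}
    for endpoint, values in seen.items():
        users = set().union(*values.values())
        one_user_per_value = all(len(u) == 1 for u in values.values())
        # One value per user and one user per value, across enough users.
        if one_user_per_value and len(values) == len(users) >= min_users:
            findings[endpoint] = {
                "clicks": {v: next(iter(u)) for v, u in values.items()},
                "ip_host": is_ip_literal(endpoint[0]),
            }
    return findings
```

The `clicks` map names each user who followed the link, which is the list incident responders need for follow-up.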
To create a phishing campaign, you can use either the Phishing Wizard or the custom setup. If you intend to create a phishing attack that launches browser autopwn or serves an exploit, you need to use the custom setup. Otherwise, you can use the Phishing Wizard to create a standard phishing attack with a landing page and redirect page.