Tricking the user to go to our fake site
The success of every social engineering attack depends on the attacker's ability to convince the user and on the user's willingness to follow the attacker's instructions. This recipe is a series of situations and techniques that attackers take advantage of to make their cons more believable to a user and catch them.
In this section, we will see some of the attacks that have worked in previous security assessments on users who were security conscious at a certain level and wouldn't fall for the classic "bank account update" scam.
How to do it...
Do your homework: If it is a spear phishing attack, research your target thoroughly: social networks, forums, blogs, and any source of information that tells you what your target is into. Maltego, which is included in Kali Linux, may be very useful for this task. Then build a pretext (a fake story) or a theme for the attack based on that.
We once found a client's employee, who was posting...