CHAPTER 5 Social Engineering Attacks

When I read a book, I generally hate long introductions that don't get straight into the subject. So, let's get to the point. In this chapter, you will learn about social engineering and different techniques that will help you take advantage of human weakness. Take note, this book is about teaching you the principles that you can use in any tool installed on Kali Linux.

In this chapter, you will learn about the following topics in social engineering:

  • Sending phishing e‐mails
  • Stealing credentials
  • Using the Social Engineering Toolkit
  • Basics of payloads and listeners
  • Using the USB Rubber Ducky for social engineering attacks

Spear Phishing Attacks

So, what is phishing? Phishing is an e‐mail fraud attack carried out against a large number of victims; it contains an item of general interest that will attract people to act on the e‐mail. For example, it may advertise a free bottle of medicine and include a malicious link or attachment. The attacker plays the odds and relies on the fact that some people will click the link or attachment to initiate the attack. Most of us would probably delete the malicious e‐mail, but we can assume some will open it.

Spear phishing is a highly specific form of a phishing attack. By crafting the e‐mail message in a particular way, the attacker hopes to attract the attention of a specific audience (e.g., a company's sales department, developers, etc.).

For example, if the attacker knows that the sales department ...
