Mohana Vamsi

Social Engineering Toolkit (SET): Testing Human Vulnerabilities

The Social Engineering Toolkit (SET) addresses the social side of computer security in its threat model. It is used to run phishing, impersonation, and masquerading exercises, or to assess the level of social engineering awareness in an organization.

Practical Example:
Your job is to evaluate employees’ propensity to fall for phishing. Using SET’s "Email Phishing" module, you prepare a fake email message that appears to come from the IT department, asking employees to change their passwords.

When drafting the email, use SET to create a message that links to a duplicated version of the company’s login page.
Track responses to learn how many users clicked the link or entered their credentials.
Output: The success rate is 30 per cent, which indicates that employees need additional security training.
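
The tracking step above can be turned into a per-department report. The following is an added example, not code from this post or from SET: the event layout, recipient IDs and department names are assumptions, and the sample events are constructed so that the overall credential-submission rate comes out at 30 per cent.

```python
from collections import defaultdict

STAGES = ("sent", "clicked", "submitted")

# Constructed events from an approved simulation: (recipient, department, event).
# The field layout is an assumption for this example, not SET's report format.
EVENTS = [
    ("u01", "finance", "sent"), ("u02", "finance", "sent"), ("u03", "finance", "sent"),
    ("u04", "finance", "sent"), ("u05", "engineering", "sent"), ("u06", "engineering", "sent"),
    ("u07", "engineering", "sent"), ("u08", "sales", "sent"), ("u09", "sales", "sent"),
    ("u10", "sales", "sent"), ("u01", "finance", "clicked"), ("u01", "finance", "clicked"),
    ("u01", "finance", "submitted"), ("u02", "finance", "submitted"), ("u03", "finance", "clicked"),
    ("u05", "engineering", "clicked"), ("u08", "sales", "clicked"), ("u08", "sales", "submitted"),
]


def summarize(events):
    """Count unique recipients per stage, per department and overall ("ALL")."""
    seen = defaultdict(lambda: {stage: set() for stage in STAGES})
    for recipient, department, event in events:
        if event not in STAGES:
            continue  # skip event types this report does not track
        for group in (department, "ALL"):
            seen[group][event].add(recipient)  # sets collapse repeated clicks
    for stages in seen.values():
        # Entering credentials implies the link was opened, even when the click
        # event is missing from the log; only count recipients that were sent mail.
        stages["submitted"] &= stages["sent"]
        stages["clicked"] = (stages["clicked"] | stages["submitted"]) & stages["sent"]
    return {group: {s: len(ids) for s, ids in stages.items()} for group, stages in seen.items()}


def rate(counts, stage):
    """Percentage of mailed recipients who reached the given stage."""
    return round(100 * counts[stage] / counts["sent"], 1) if counts["sent"] else 0.0


def needs_training(summary, threshold=30.0):
    """Departments whose credential-submission rate meets the threshold."""
    return sorted(g for g, c in summary.items() if g != "ALL" and rate(c, "submitted") >= threshold)


if __name__ == "__main__":
    report = summarize(EVENTS)
    for group in sorted(report):
        c = report[group]
        print(f"{group:12} sent={c['sent']} click={rate(c, 'clicked')}% submit={rate(c, 'submitted')}%")
    print("follow-up training:", needs_training(report))
```

Counting unique recipients rather than raw events keeps one user who clicks repeatedly from inflating the rate, and the per-department split shows where follow-up training should go first.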

Real-world Use: An organization used SET on its staff to check how knowledgeable they were about phishing threats, and the outcome was bad. The results showed that after more focused training aids were used, new cases of successful phishing decreased.

Tip: Use SET responsibly. Always make sure that every simulation has prior approval and rests on an ethical business foundation.

Takeaway: The key to building up the human security layer is to raise users’ awareness of phishing strategies and to make them constantly and heavily skeptical of links and attachments.
