Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,230 --> 00:00:08,840 In this section I will focus more about the tools that can be used in social engineering. 2 00:00:09,210 --> 00:00:14,850 It's not really an attack S. But it will show you that you should not trust anything. 3 00:00:14,940 --> 00:00:22,900 Email can be spoofed as M.S. can be spoof Mumbai or a cellular number can be spoofed. 4 00:00:22,920 --> 00:00:30,360 So my point is people trust e-mailed blindly they receive an e-mail coming from their manager. 5 00:00:30,390 --> 00:00:32,670 They will execute whatever is inside. 6 00:00:32,670 --> 00:00:36,090 They will never think that men can be spoofed or fake. 7 00:00:36,090 --> 00:00:37,860 Same concept apply for. 8 00:00:37,890 --> 00:00:40,510 You receive an m s s m s from your bank. 9 00:00:41,040 --> 00:00:42,740 You think it cannot be fixed. 10 00:00:42,750 --> 00:00:51,320 It can be fixed mobile number it can be checked so it's not really an attack S. S. It's more into the 11 00:00:51,360 --> 00:00:54,240 tools that is used into the attic. 12 00:00:54,930 --> 00:01:02,270 So if a malicious hacker utilize such tools it would be very easy for him to convince anyone to do anything 13 00:01:02,310 --> 00:01:04,320 that you want him to do. 14 00:01:04,320 --> 00:01:08,910 So if I sent an email coming from your friend or from your manager. 15 00:01:09,720 --> 00:01:20,910 If you don't have enough background or you are not aware enough you may be spoofed by this email and 16 00:01:20,910 --> 00:01:25,960 you will trust that the email is coming from this sender. 17 00:01:26,700 --> 00:01:34,800 So the first then I want to show you it's the spoofed website or the fake I'm sorry the spoofed email 18 00:01:34,890 --> 00:01:36,420 or the fake email. 19 00:01:36,600 --> 00:01:40,690 If you search on Google for fake email you will see this specific website. 20 00:01:40,710 --> 00:01:43,020 This is a quite interesting website. 21 00:01:43,020 --> 00:01:44,730 It's FREE. 22 00:01:44,730 --> 00:01:46,390 It's very effective. 23 00:01:46,740 --> 00:01:53,250 Most probably it will go to your inbox if you don't have a proper mail setting it may go to the junk 24 00:01:53,280 --> 00:01:56,020 but it may go to the inbox you can test it. 25 00:01:56,070 --> 00:02:03,180 You can fake an email showing it's coming from anyone to anyone and you can attach whatever you want 26 00:02:03,180 --> 00:02:10,070 you can send it in a text or as an etch TMLC it will shows like you know the message coming from Linked-In 27 00:02:10,080 --> 00:02:12,750 or from Twitters or this kind of thing. 28 00:02:12,930 --> 00:02:21,750 So using such a tool it's very very convenient and the noise they are keeping such website up and running 29 00:02:22,260 --> 00:02:24,530 because actually this is very dangerous. 30 00:02:24,600 --> 00:02:26,490 So let's try them here. 31 00:02:26,490 --> 00:02:27,650 I'm going to send the mail. 32 00:02:27,690 --> 00:02:39,060 That choice coming from John Smith's and I'm going to put an email or let's make it a let's make a mess 33 00:02:39,570 --> 00:02:44,970 and Zamir will be coming from John Smith's ABC dot com you can put anything you want. 34 00:02:44,970 --> 00:02:46,260 I can type this mess 35 00:02:49,410 --> 00:02:51,480 she Smyth's 36 00:02:54,250 --> 00:03:06,760 at Princeton as and dot com and we're going to send this e-mail to myself. 37 00:03:06,760 --> 00:03:09,520 I'm going to send it to different email. 38 00:03:09,790 --> 00:03:21,810 So let's try it was the emails that I'm using on my this thing MacBain and started at 3 AM talk of 39 00:03:24,830 --> 00:03:35,520 at g m x dot com. 40 00:03:39,860 --> 00:03:44,200 You the next. 41 00:03:46,100 --> 00:03:54,380 And that's why any such book as you made. 42 00:03:54,390 --> 00:03:56,750 Let me put any trust in me. 43 00:03:57,210 --> 00:03:57,850 OK. 44 00:03:57,890 --> 00:04:00,720 So the point is that can I if an email or not. 45 00:04:00,740 --> 00:04:01,920 Let's see. 46 00:04:02,660 --> 00:04:05,180 And I'm Robert 47 00:04:08,370 --> 00:04:16,990 and let's send it now he's saying this e-mail has been successfully sent. 48 00:04:17,230 --> 00:04:21,080 Let's see is this is a case. 49 00:04:21,270 --> 00:04:22,840 I'm going to get to my mobile phone. 50 00:04:23,110 --> 00:04:28,210 Now this can be used on mobile or of a computer or whatever. 51 00:04:29,210 --> 00:04:31,790 And let's see. 52 00:04:31,800 --> 00:04:33,700 Are we going to get anything going. 53 00:04:33,700 --> 00:04:37,760 Let me refresh it again. 54 00:04:38,320 --> 00:04:43,200 It's coming from John Smiths which it's not an existing person. 55 00:04:43,390 --> 00:04:50,010 And as you can see it showing that it came from John Smiths and this is his email to my e-mail. 56 00:04:50,020 --> 00:05:00,280 So imagine what can be done using this tool that you can like convince someone that an e-mail he received 57 00:05:00,280 --> 00:05:08,290 coming from his manager or his wife or his girlfriend or whatever was the case and you try to convince 58 00:05:08,290 --> 00:05:13,650 him what it was with or it may show it's coming from Microsoft or it's coming from their bank. 59 00:05:13,870 --> 00:05:16,640 But I have to tell you this is completely illegal. 60 00:05:16,660 --> 00:05:18,880 And in some country it's a federal crime. 61 00:05:19,180 --> 00:05:25,220 So it's not something to play with if you are doing a proper penetration testing in any organization 62 00:05:25,300 --> 00:05:32,650 and you see you need to check if people have enough awareness that if they received a suspicious e-mails 63 00:05:32,650 --> 00:05:34,030 they will verify. 64 00:05:34,720 --> 00:05:35,890 You can use these tools. 65 00:05:36,100 --> 00:05:39,340 Now only one witness we have such tools. 66 00:05:39,340 --> 00:05:40,570 It's a one way process. 67 00:05:40,600 --> 00:05:46,440 I mean you can send an e-mail showing that it's it's coming from someone. 68 00:05:47,110 --> 00:05:53,940 But what if the victim replied back the reply will be going to the right person. 69 00:05:53,960 --> 00:05:56,930 That's why when people use such tools they will never ask. 70 00:05:57,010 --> 00:06:00,070 They will never ask you to reply back. 71 00:06:00,130 --> 00:06:04,600 They will usually ask you to do something and says a minute please click on the link please download 72 00:06:04,600 --> 00:06:10,390 the attachment but they will never rip asked to reply back sending them your credential or any kind 73 00:06:10,390 --> 00:06:11,360 of information. 74 00:06:11,740 --> 00:06:17,800 So if you receive an email and you are says you are suspecting that this is a fake email you can try 75 00:06:17,800 --> 00:06:21,270 to reply back asking that you send me this email. 76 00:06:21,310 --> 00:06:26,270 This would be going to the website and same concept apply for any spoof technique. 77 00:06:26,320 --> 00:06:32,810 If you received a fake Ngubane fake phone call from a fake number. 78 00:06:33,550 --> 00:06:37,730 You can try to disconnect and call them back and so on. 79 00:06:37,750 --> 00:06:47,230 So this is one of the tool that if you use such tool is a technique that we explain in the previous 80 00:06:47,230 --> 00:06:49,300 lecture it would give you an 81 00:06:52,180 --> 00:06:54,420 extremely good results. 82 00:06:54,820 --> 00:06:58,660 But one more time this should be done in a proper frame. 83 00:06:58,720 --> 00:07:02,200 If you are doing good penetration testing with right I prefer. 7907