Email is a very useful way to send files, images and much more. In everyday life we use email for many things, but from an attacker's point of view it is a way to hack someone: millions of emails are sent every day, and most people do not check whether an email is legitimate, fake or malicious. That is one of the reasons attackers use email to send malicious files or phishing links. In some of my previous blogs I explained how to check whether an email is fake and how to stay safe from it. Now I will tell you how to send a spoofed (fake) email to someone. In the last blog I told you that to send a spoofed email you need a mail server, which will cost around $5 minimum or more. However, there are some websites that give you a free server with some limitations, but that doesn't matter.
First of all, you have to create an account on SendGrid. There is a free plan available, but you can also take a subscription if you want. I am using the free plan for this tutorial.
Once you have filled in your details and created the account, the first page will look like this. Now click on the first option, Web API and SMTP Relay.
Now click on SMTP Relay. It will ask you to enter the API name; enter the name you want and click on Create Key.
Once you click on Create Key it will show you the API key. Copy the API key and save it on your system. It will now check for integrity, but you can cancel that. Now everything is set and you are ready to send the email. For that you need a Kali Linux machine: open Kali Linux, open a terminal and type “setoolkit” for the social engineering attack.
The Social Engineering Toolkit will look like this. The attack we want to perform is a social engineering attack, so type 1 and the second page will open.
Type option 5 because we want to perform a mail attack. It will ask whether you want to send mail to a single person or to more than one; choose option 1 and enter the target email address to which you want to send the email.
Now it will ask how you want to send the email: with your mail account or with a mail server. We have our mail server.
Choose option 2 for the SMTP server. After that it will ask you to enter the email address which your victim will see. This is very important, because you can't use a Gmail address as the From address: Google now uses machine learning and other techniques to identify it, so your mail will be delivered to the spam folder, and the victim won't check the spam folder. If you choose another address there is still some chance that it will be delivered to the spam folder, so you have to think again and again, so that your target won't think this is a fake email and Google won't send it to the spam folder. You have to balance both things, Google and the target.
Now fill in all the details: the email addresses and the name your target will see. The username of your server will be “apikey” and the password will be the API key which we generated and copied earlier. Now paste the password and hit enter. Remember that when you paste the password it will not show in the terminal, for security, so don't get confused. Now choose the options you want, such as attachment, body and subject. It will ask you whether you want to send the mail in HTML or text. I am using text, so type “p” and enter the message and subject. When you finish typing your message body hit enter, then type “END” in capitals and hit enter; END indicates that the message is finished. Now your email will be sent to the victim. If you can't find it, check the spam folder and try with a different spoof address. I haven't tried the spoofing with other emails except for Gmail. If you have a mail address from another domain like Yahoo or Hotmail, you can try with it and check whether it gets marked as spam in Hotmail or not.
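Seen from the receiving side, as an added example that is not part of the original post: mail relayed through a third-party SMTP service with a From address in a domain the sender does not control typically passes SPF and DKIM only for the relay's own domain, so neither result aligns with the visible From domain. The check below reads the `Authentication-Results` header stamped by the receiving server and flags that mismatch; the sample messages, all domains and the `mx.receiver.test` server name are constructed placeholders, and `org_domain` is a simplification.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: visible From is example-bank.test, but the message was
# relayed and signed by an unrelated service (all names are placeholders).
SPOOFED = """\
Authentication-Results: mx.receiver.test;
 dkim=pass header.d=relay-service.test;
 spf=pass smtp.mailfrom=bounce@bounces.relay-service.test;
 dmarc=fail header.from=example-bank.test
From: "Support" <support@example-bank.test>
To: user@receiver.test
Subject: Account notice

Please review your account.
"""
# Constructed sample: same visible From, authenticated by the From domain itself.
LEGIT = SPOOFED.replace("relay-service.test", "example-bank.test").replace(
    "dmarc=fail", "dmarc=pass")

def org_domain(domain):
    # Simplification: last two labels. Real DMARC consults the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def assess(raw, trusted_authserv="mx.receiver.test"):
    msg = email.message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Trust only the header stamped by our own receiving server; any other
    # Authentication-Results header may have been inserted by the sender.
    ar = next((h for h in msg.get_all("Authentication-Results", [])
               if h.split(";")[0].strip() == trusted_authserv), "")

    def result(method):
        m = re.search(rf"\b{method}=(\w+)", ar)
        return m.group(1).lower() if m else "none"

    def aligned(method, prop):
        # A pass only counts if the authenticated domain matches the From domain.
        m = re.search(rf"{re.escape(prop)}=(?:[^\s;@]*@)?([\w.-]+)", ar)
        return bool(from_dom and m and result(method) == "pass"
                    and org_domain(m.group(1)) == org_domain(from_dom))

    spf_ok = aligned("spf", "smtp.mailfrom")
    dkim_ok = aligned("dkim", "header.d")
    return {"from_domain": from_dom, "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok, "dmarc": result("dmarc"),
            "suspicious": not (spf_ok or dkim_ok)}

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, assess(raw))
```

A domain owner gets receivers to act on this mismatch by publishing SPF and DKIM records together with a DMARC policy of `quarantine` or `reject`.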