The next exercise starts from outside. In other words, the attacker is coming from the internet, and gaining access to the system in order to perform the attack. One approach to that is by driving the user's activity to a malicious site in order to obtain a user's identity.
Another method that is commonly used is sending a phishing email that will install a piece of malware in the local computer. Since this is one of the most effective methods, we will use this one for this example. To prepare this crafted email, we will use the Social Engineering Toolkit (SET) which comes with Kali.
On the Linux computer running Kali, open the Applications menu, click Exploitation Tools, and select Social Engineering Toolkit:
On this ...