-
Notifications
You must be signed in to change notification settings - Fork 547
SMS Phishing
King Phisher can be used to to run basic SMS phishing campaign in a similar manner to standard email campaigns. In order to convieniently send SMS messages without prior knowledge of the carrier an external server must be used. For this purpose the Clockwork service can be used. At the time of this writing Clockwork charges 0.06 USD per SMS message sent.
Text messages sent through the Clockwork API will be sent from a 5 digit number.
After creating an account and adding the necessary funds to it, an API key needs to be generated. Once an API key has been created it is appended to the target phone numbers to create a standard King Phisher CSV target list. The country code needs to be prefixed to the number, without any + symbol.
Alice,Liddle,12345678900@YOURAPIKEY.clockworksms.com
Calie,Liddle,14327650098@YOURAPIKEY.clockworksms.com
A clockwork api plugin is available which, when enabled, will automatically update phone numbers into email addresses suitable for use with the Clockwork API.
Once the target list has been created an email can be crafted containing the
desired text to send to the intended recipients via SMS. The Clockwork SMS email
system extracts the SMS message contents from between #STARTSMS#
and
#ENDSMS#
tags.
Users should take care to ensure that their message does not exceed the 160 characters allowed in an SMS message (including any variables that may be expanded). Should a message exceed the 160 characters allowed, the Clockwork API will split the text and send multiple SMS messages to the recipient.
The following is a basic email template that illustrates how the SMS message can be crafted.
<html>
<p>
#STARTSMS#<br />
Please visit {{ url.webserver }}
#ENDSMS#<br />
</p>
</html>
As with any other email template, standard message variables can be used. Additional information on the Clockwork Email to SMS interface is provided by their documentation.