Phishing toolkit exposes human vulnerability
The development team behind the SP Toolkit (spt) has released version 0.41, "Dartfish", of its open source phishing toolkit. The software allows network administrators to test their users' credulity in realistic scenarios. spt (simple phishing toolkit) provides the same functionality as a real phishing tool but is used to raise users' awareness of their own gullibility.
Running the PHP script is simple and requires no particular technical knowledge. spt can imitate the login page of any web site – when the original URL of a site is entered, the script automatically creates a deceptively similar template for a benign phishing campaign.
spt then sends emails to a previously defined list of recipients. Any arbitrary sender address can be used – just as in a real phishing attempt. If a recipient falls for the phishing email, spt notes this in its statistics. Unlike phishing tools used by criminals, however, spt doesn't store the access data that is entered on the fake login page; it records only who clicked on the link and whether any data was transmitted with the form.
Version 0.41 of the SP Toolkit is available from the project's download page, as is the change log. Source code for the SP Toolkit is licensed under the GPLv3.