This module of the SET allows an attacker to create a spoofed SMS and send it to a target. The main aim of the SMS is to convince a target to follow a certain link but when they do so, it leads them to a malicious site and the credentials stored in their browser are stolen. This module has been used by hacker groups in their quest to harvest many credentials that they can use in other attacks. The details on how to execute the spoof on the program are straightforward. After selecting this module from the welcome screen, which is normally listed as option 7, the program asks whether the user wants to create a new template or directly perform the spoofing attack. Since there are already good templates, we can just choose to dive into the spoofing attack itself. The program will ask us whether we wish to attack a single phone number or use mass SMS attacks. Creating the attack is simple. Let us say we only want to attack a single phone number. The next prompt will ask us to provide the target's phone number.

After this, we will be told to select one of many SMS templates, which includes fake police SMS, messages from a boss, and others from mobile carriers. After this, we are asked to choose a service for SMS spoofing. There are four services—SohoOS, Lleida.net, SMSGANG, and Android Emulator. Apart from SohoOS, the other spoofers are either paid for or require installation of an emulator. We just go ahead with SohoOS. The program will take care of the rest and send the SMS with a spoofed number requesting the target to visit a certain website.