Security researchers are issuing a warning about a new platform, dubbed Caffeine, which is offering phishing services to non-skilled users to enable them to launch sophisticated phishing campaigns!

To run a phishing campaign, threat actors would be required to have some technical capability, create their own target list, build their own lures and have some infrastructure to work with.

Now, new platforms are appearing online that offer end-to-end phishing services to users, vastly reducing the entry barrier that potential threat actors face.

One of these platforms is the Caffeine platform that was initially discovered in March this year. It offers users the ability to buy a phishing campaign. But this is not the first platform of its kind; in September the EvilProxy platform was reported on.

Similarly, the EvilProxy platform offered users access to phishing resources and the resulting stolen credentials.

However, it did not offer much customisation of campaigns and the EvilProxy operators had a strong vetting process for potential clients which led to many potential threat actors being rejected.

Caffeine appears to be building on these points as it requires no vetting for clients, will offer pre-built templates for phishing lures, and offers customer support services for client issues.

This is reflected in the price of Caffeine services, which are almost double that of its comparable platforms.

A notable feature of the Caffeine platform is that it appears to be setup to target Russian and Chinese victims. This is evident in the templates and pre-built options being offered to clients, and lure pages designed to trick victims into clicking malicious links have been designed to target major Russian and Chinese services.

The growth of platforms like Caffeine will likely increase the risk posed by the phishing threat landscape as previous phishing-as-a-service platforms were limited to a handful of groups, with the ability and resource to launch attacks.

Through Caffeine, threats can come from any user and potentially evade detection capabilities.

However, it should be noted that due to the lack of vetting clients, multiple security researchers have been able to sign up and test the services with full access, creating actionable intelligence around detection.

Regarding Caffeine, the extensive access to the platform has given visibility on how to detect attacks from the platform, helping to identify attempts of exploitation.

Additionally, as the platform is tailored for default attacks to be aimed at Russian/Chinese targets, Caffeine is also assessed at a lower risk than other phishing platforms.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).