Cybercriminals are creating new phishing strategies and malware variants to make their attacks more intense and successful. They even rely on phishing kits, which are readily available on darknet forums, to exploit their targeted systems.
By Rudra Srinivas, Senior Feature Writer, CISO MAG
A phishing kit is a collection of various software tools, services, and other components such as archive files, HTML pages, images, and codes that enable threat actors to launch phishing or social engineering attacks. Phishing kits provide readymade phishing pages, email IDs, and malware codes to target victims. Even with little or no knowledge of phishing attacks, a person can create various kinds of phishing lures using a phishing kit.
A typical phishing kit includes:
Phishing kits facilitate adversaries to instantly create undetectable phishing pages, impersonate brands, and harvest users login credentials through it.
Also Read: How To Find a Phishing Email
The complexity and capability of a phishing kit depends on its price on the dark web. While a simple phishing kit contains only a few components, advanced kits include built-in botnets and other evasion techniques.
A Basic phishing kit is a simple and small archive file containing a few HTML files and JavaScript codes.
Dynamic phishing kits have specially created phishing lures such as fake banking login pages and compromised email addresses.
Puppeteer phishing kits are specifically designed to phish for online banking credentials. It allows phishers to prompt the victims for sensitive information from their online banking provider. Puppeteer phishing kits are often used to bypass OTPs and security phone calls.
With the increase in the usage of phishing kits, several adversaries are offering customized phishing kits online (like 16Shop and FreakzBrothers), where users can log in, purchase, configure, and download the phishing kits they like.
Also Read: Five Phishing Baits You Need to Know
Threat actors sell phishing kits as phishing-as-a-service across various dark web forums, inviting other cybercriminal affiliates in their phishing campaigns. Research revealed that phishing kits have gained the “Bestseller” tag in the underground market, with the number of ads and their sellers having doubled in 2019 compared to 2018. The growing demand for phishing kits is also reflected in its price that skyrocketed last year by 149% and exceeded $300 per item.
Phishing lures (like emails and messages) are not perfect. A phishing email or message can be detected via paying attention to small details like:
While phishers across the globe invest more in phishing kits to expand their phishing activities, users need to be vigilant to detect and prevent evolving phishing lures proactively.
About the Author
Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.
More from the Rudra.
The post How Cybercriminals Use Phishing Kits appeared first on CISO MAG | Cyber Security Magazine.
Click to Open Code Editor