Fifth Generation Phishing Kits Have Arrived

With online phishing kits being the all-in-one DIY fishing pack for those new to this illicit activity, low-tech scammers are taking Maimonides’ proverb to heart.

Phishing kits are built specifically for those with less technical knowledge and, as such, provide the cyber-criminal with everything they need to carry out an attack. With the barrier to entry now lower, more threat actors can get involved, allowing for more attacks and therefore more potential victims.

Found on the Dark Net, the [A]pache Next Generation Advanced Phishing Kit targets people who shop at popular online retailers and aims to steal their personal details and credit card information. Instead of having just a login page with a prompt for personal and financial information, the kit incorporates entire replicas of well-known retail sites. The replicated sites, mainly aimed at the Brazilian consumer, include Walmart, Americanas, Ponto Frio, Casas Bahia, Submarino, Shoptime and Extra. Unlike other phishing kits, which can be bought for just a few dollars, these high-end, more sophisticated kits sell for between $100 and $300.

Using the kit’s backend interface, threat actors can create convincing fake retail product pages and manage their entire phishing campaign. By preparing a site with discounted products that appear to be sold by a legitimate retailer, the threat actor can then lure victims into making a ‘purchase’, at which point they surrender their personal and financial information.

In addition to targeting the Brazilian audience, our research team found some links to a phishing campaign targeting PayPal users in the US. While the connection between the two activities remains unclear, it may point to a bigger operation than we thought.

With some reports claiming that 91% of cyberattacks and data breaches begin with a phishing email, phishing remains a constant threat, used to steal financial information and intellectual property, and even to interfere with elections. For this reason, consumers and businesses alike must ensure they have the latest protections to safeguard against such threats.