The digital age has brought about many conveniences but also a rise in cyber-crime with phishing scams growing. Despite how the word sounds, it is not actually a fish trying to scam you.
Phishing, defined by Cisco’s website, is when what looks like a trusted source comes up with fake communication in order to steal your data. These data include your email, credit card information and more. Now, the threat comes in forms of websites that look legitimate but would be stealing your credentials once you key them in the page.
In 2021, Kaspersky researchers blocked 1.2 million individual phishing pages based on 469 phishing kits — which are ready-made fake page templates, that allowed cybercriminals to launch phishing attacks effortlessly.
Since a phishing site can be blocked quickly, fraudsters are keen to generate these pages quicker and in large numbers. Using phishing kits, even an inexperienced phisher can create hundreds of phishing pages in a short time.
Do not take it at face value
One of the most common phishing techniques is to create a fake page for a well-known brand with a large recognition, where users are prompted to leave their personal data. It takes a long time to create these sites manually, and not all phishers have the necessary web-development or site administration skills. The use of phishing kits, however, requires a minimum amount of effort from the phisher. Just a short instruction attached to the template being sold is enough for attackers without advanced technical skills to create the websites.
There are even phishing kits with scripts for sending messages on popular messaging services or via emails. This spamming software automates the mass-mailing process and allows fraudsters to send out hundreds of thousands of phishing emails as bait for potential victims.
These phishing kits also come with advanced add-ons where pages can evade detection. By adding obscured or garbage code to generated pages, developers make it harder to detect and block the site.
These codes are often just a lot of incoherent text, so buyers of phishing kits, especially novice users, don’t look closely at it.
There are even developers stealing their own buyers’ data for their own use. All that would be hidden in an extra line of code.
Phishing kits are actively sold on the darknet or in closed Telegram channels. Prices vary depending on the complexity of a particular template. It costs anywhere from US$50 to US$900 in these Telegram channels, which specialises in the sale of tools for phishers. The simplest kits can even be found for free in the public domain.
Many developers offer entire packages on the darknet such as Phishing-as-a-Service, which includes phishing-kits. These packages provide a full range of services from creating fake sites for any well-known brand, to launching an entire data theft campaign that includes target research, phishing emails, as well as encrypting and sending the stolen data to a client.
It’s all in the code
Having possession of a phishing kit’s source code, it is possible to block all the fake pages that have been created using this template.
According to Olga Svistunova, a security researcher at Kaspersky, the company blocks millions of phishing pages yearly but despite their best efforts, the short lived pages are still able to steal personal data.
She explained that the use of phishing kits have enabled more frequent attacks and amateurs with such kits are able to create their own phishing pages. This means users must be cautious of any links from emails or messaging services.
Although it seems like nothing can be fully trusted, there are things you can do to protect yourself from phishing attacks.
Here are some recommended actions to protect yourselves from phishing :
- Check the links before clicking. Hover over it to preview the URL and look for any misspellings or other irregularities.
- It’s good practice to only enter a username or password over a secure connection. Look for the ‘HTTPS’ prefix before the site’s URL, indicating the connection to the site is secure.
- Sometimes emails and websites look genuine, depending on how well the criminals have done their work. Despite their similarity to original ones, there will be minor irregularities. So be cautious and check it diligently.
- It’s better not to follow links from suspicious emails at all. Check the link from the letter with the domain of the banks or any of the legitimate websites.
- Avoid logging in to online banking or similar services via public Wi-Fi networks. Hotspots are convenient, but it’s better to use a secure network. Criminals can create open networks and spoof website addressed over these connections just to redirect you to a fake page.
- Install a trusted security solution and adhere to its recommendations. These secure solutions will solve most problems automatically and alert you if necessary.
- Corporations should keep track of new phishing kits targeting their clients or employees. You can receive information about phishing kits through services that provide data on cyber-threats. There are some services that you can use to check the website’s legitimacy.
- In order to avoid phishing schemes on the web, it‘s a good idea to install safe browser extensions. These can block phishing websites, known to contain malicious downloads or stop malware from downloading on to the user’s computer.
Read the full report about the phishing-kit market on Securelist.
Join our Telegram group for the latest updates!