11 Aug PHISHING KIT, the back end of phishing
Nowadays it is difficult to find someone who has never heard of phishing; it is even more likely that you have seen cases yourself or experienced one first-hand.
We could spend hours talking about different types of phishing. Some are very elaborate, with a perfect imitation of the original website and an impeccably camouflaged URL. Others are more 'sloppy', with pixelated, poor-quality images and grammatical or even spelling mistakes. But what's behind it? How does it work? How is it built?
The ‘Phishing Kit’, the industrialization of phishing
The core of these scams is the so-called 'Phishing Kit', which is both the necessary means of carrying out phishing and a business worth millions that is flourishing on the dark web.
We imagine cybercriminals as computer experts who create their own complicated tools, but alongside that expert technical profile there are others, such as the script kiddie (someone who uses other people's programs without real knowledge of the subject) and the newbie, or beginner.
Anyone can access the dark web, enter the online markets that specialize in these tools and purchase a 'phishing kit'. The average price in 2019 was $304, and the usual range was between $10 and $824 (source: Group-IB). These prices were double those of the previous year and, unfortunately, they have continued to grow during 2020. The business has grown so much that it is possible to obtain user support services to put a kit into operation, and even the secondary tools, such as mass mailers, that are needed to reach as many victims as possible.
There are even free phishing kit offers. How is that possible? In the code of some of them we can find hidden communication channels with the kit seller, who receives the credentials stolen by the kits that the buyer (probably a script kiddie) puts into operation.
These phishing kits contain not only the emulated website, with its logos, menus and access area (username and password), but also everything necessary to store the stolen credentials, which are the main objective of phishing, and, in many cases, sophisticated tools that make it really difficult to detect them as fraudulent websites.
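An analyst who recovers a kit can look for such a hidden channel by comparing the addresses visible in the source with those that appear only after decoding. The sketch below is an added example, not code from the original article or from any real kit; it assumes the hidden recipient is an e-mail address stored as a base64 string literal, which is only one of several possible encodings, and the file names and addresses are constructed.

```python
import base64
import binascii
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Quoted string literals that look like base64 (16+ characters).
B64_LITERAL_RE = re.compile(r"""["']([A-Za-z0-9+/]{16,}={0,2})["']""")

# Constructed sample, not taken from a real kit: one visible recipient (the
# buyer's mailbox) and one recipient that appears only base64-encoded.
_ENCODED = base64.b64encode(b"seller@kit-author.example").decode()
SAMPLE_KIT = {
    "config.php": "<?php $results_to = 'buyer@mailbox.example'; ?>",
    "includes/helper.php": f"<?php $r = base64_decode('{_ENCODED}'); ?>",
}


def decode_b64_literals(source):
    """Return the ASCII text hidden in base64-looking string literals."""
    decoded = []
    for literal in B64_LITERAL_RE.findall(source):
        try:
            decoded.append(base64.b64decode(literal, validate=True).decode("ascii"))
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64, or not text
    return decoded


def find_recipients(files):
    """Map each address to the files where it is visible or hidden."""
    report = {}
    for name, source in files.items():
        texts = {"visible": [source], "hidden": decode_b64_literals(source)}
        for kind, chunks in texts.items():
            for chunk in chunks:
                for addr in EMAIL_RE.findall(chunk):
                    entry = report.setdefault(addr.lower(), {"visible": [], "hidden": []})
                    entry[kind].append(name)
    return report


def hidden_only(report):
    """Addresses never seen in clear text: candidates for a seller channel."""
    return sorted(a for a, hit in report.items() if hit["hidden"] and not hit["visible"])


if __name__ == "__main__":
    print(hidden_only(find_recipients(SAMPLE_KIT)))
```

An address that surfaces only in decoded form is a lead for review, not proof of a backdoor, and kits that nest or vary their encoding need further decoding passes.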
One of the world’s largest phishing databases
The number of phishers detected per day is extremely high. In 2019 alone, PhishinggHunters detected more than 6,000,000 domains suspected of being used for illegal purposes. In fact, we have one of the largest phishing databases in the world, with over 2,000,000 entries. Phishing kits themselves, however, are rarely obtained, and the information they yield is valuable: it helps in the creation of detection tools and allows stolen credentials to be recovered. Imagine that the stolen data is your bank details: the password could be blocked, preventing access to the account and the theft of money. In addition, the discovery of a kit can lead us to dozens of fraudulent websites.
Knowing the enemy and their weapon, the phishing kit, helps us fight fraud effectively
Once the cybercriminal has the kit set up, he will move it from domain to domain as it is detected. The life of these websites is very short, about 10 hours, and rarely exceeds 36 hours. Once the initial economic investment has been made, they can move the kit to different URLs where they can continue 'harvesting' credentials.
Phishing has been with us since the mid-90s. It is not a new threat, but it has changed a lot since then: attacks are becoming more sophisticated and, with easy-to-use and affordable phishing kits, we estimate that it will continue to be a constant and growing threat for years to come.
Awareness is basic and absolutely necessary, but early detection is essential. Our phishing detection service detects illegitimate domains by constantly monitoring networks with powerful proprietary tools based on Machine Learning. The monitoring tools are continuously fed with filters and keywords that are translated into alerts which, after filtering and review, make it possible to detect phishing early. Do you want to know more?