Published: July 2, 2020 in our Security Fraud News & Alerts Newsletter.
Knowing that hackers are doing their best to make their jobs easier isn’t a comforting thought. The increased popularity of “phishing kits” and their easy availability is a growing threat to cybersecurity everywhere. Research by Cyren found over 5,000 unique phishing kits for sale, a strong indication of their growing popularity. As the kits get more sophisticated and easier to use, they allow highly targeted and short-lived attacks that can devastate a victim. Easily found and purchased online, these kits can inspire a “wannabe” hacker to get started and help an established hacker be more prolific.
As strange as it sounds, the “Phishing-as-a-Service” industry is here. Just as Do-It-Yourself (DIY) fans can get a kit online that helps with a project, a DIY hacker can find a phishing kit for sale or rent. Depending on what they’re looking to get away with, kits are available that foster specific attacks on categories like finances, data, and more. As hacking techniques improve and sharpen over time, so do phishing kits. Cyren found that 87% of kits include evasive techniques that help circumvent detection by email security systems. Experts fear that over time kits will become stronger, more evasive, and more difficult to detect.
Phishing kit developers operate like software shops, catering to the special interests of their customers. Many kits come with an exact, ready-made, entirely fake website tailored to the needs of whoever is buying it. With monthly subscription kits available for as little as $50-$80 per month, a hacker shopping the web may find the one they want is on sale. Sadly, it pays for hackers to shop around too.
You’d be right to wonder if phishing kit sales are legal...they’re not. That’s why they’re sold on the Dark Web–the bad actor’s underground access to all things illegal. The kits are here to stay for now, as they provide the growth opportunities that bad actors look for. For example, finances are not an issue, as a user can subscribe to phishing kits for a small amount of cash. The services kits provide are scalable, depending on the unique features a hacker is looking for–like an à la carte menu at a restaurant. Updating to the latest kit version is easy, as kit providers can send patches and updates as they become available. Finally, kits are easily available anywhere there’s an internet connection, and there’s no need to download the software to a device.
In a world where email phishing continues to be a huge security concern, the phishing kit phenomenon should be a wake-up call to us all. Remember to use caution at all times when clicking links or opening attachments. If you don't know the sender of a message, find it full of mistakes, or are not expecting it, just don't take the chance. As easy as it is to send out these phishing messages, there isn't likely to be an end in sight any time soon.