Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Criminal Phishing-as-a-Service Platform Steals Credentials

    Want someone's credentials? Just social engineer them. Phishing is still responsible for 91% of data breaches and has been for the last few years. 

    A Russian cyber mafia has created a website where just about any aspiring bad guy can generate a realistic-looking credentials phish and send it to whoever they want. This "PHaaS" site allows for potentially stealing the victim's username and passwords with practically no technical knowledge.

    Fortinet published a blog post this Wednesday, and they provided details on this Russian-language site called "Fake-Game." 

    The site claims that it has been used to take over 688,610 accounts, is free to use, but has an upsell to “VIP accounts” that have extra benefits like browsing all other phished accounts. Fake-Game even has tech support and training videos.

    FakeG3.png

    To begin with, an aspiring "cybercrim" selects which website they want to create a credentials phish for. You can choose from a pull-down list that includes Facebook and Instagram, gaming platform Steam, and Email Service Providers like Gmail and Mail.ru.

    The next thing that Fake-Game does is generates a URL with a unique affiliate ID that allows the site send the stolen credentials to the right "customer". Fake-Game provides the credentials Phish plus infrastructure to run it, but the end-user still needs to be social engineered. Sometimes the landing pages do not look all that good. 

    One you have tricked a victim into entering their credentials, the site tells you in Engrish: "In your base entered a new account!", and you see the data with the victim's email address or username, password, IP address, and language.

    Unfortunately this PHaaS site lowers the barrier to entry even further for anyone starting to make a living in cybercrime. Hackers can do a lot of things with these creds: send ransomware attacks to others, trade them, sell them or a multitude of other nefarious activities.

    You really want to step your users through effective security awareness training when the amount of attacks is rising. 

    Free Phishing Security Test

    Cyber-attacks are rapidly getting more sophisticated. We help you train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now. Find out what percentage of your employees are Phish-prone with our free Phishing Security Test (PST).

    Get Your Free PST Now

    PS, don't like to click on redirected buttons? Cut & paste this link into your browser:

    https://info.knowbe4.com/phishing-security-test-16

     

     

    Return To KnowBe4 Security Blog

    Topics: Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews