Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now
  • Blog
    • /
  • Phishing
    • /
  • Free Phishing Platform Has Created More than 140,000 Spoofed Websites

Free Phishing Platform Has Created More than 140,000 Spoofed Websites

Stu Sjouwerman | Oct 7, 2024

Free Phishing Platform Spoof WebsitesA free phishing-as-a-service (PhaaS) platform named Sniper Dz has assisted in the creation of more than 140,000 phishing sites over the past year, according to researchers at Palo Alto Networks. The service allows unskilled criminals to spin up sophisticated phishing sites that steal credentials or deliver malware.

“For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages.” Phishers can either host these phishing pages on Sniper Dz-owned infrastructure or download Sniper Dz phishing templates to host on their own servers. Surprisingly, Sniper Dz PhaaS offers these services free of charge to phishers – perhaps because Sniper Dz also collects victim credentials stolen by phishers who use the platform to compensate for the cost of service.

The kit’s developers have taken measures to hide the phishing sites from security providers, so the sites stay up longer before being flagged as malicious.

“Sniper Dz uses a unique approach of hiding phishing content behind a public proxy server to launch live phishing attacks,” the researchers write. “The criminals behind this platform auto-setup the proxy server to load phishing content that is hosted on their server. We believe this approach could be useful in protecting their infrastructure from detection.”

The threat actors also abuse legitimate services to host the sites, which increases the likelihood that the phishing links will bypass security filters.

“Criminals using Sniper Dz often abuse legitimate software-as-a-service (SaaS) platforms to host phishing websites,” the researchers write. “When establishing their infrastructure, these phishers include popular brand names, trends, and even sensitive topics as keywords to lure victims into opening and using their phishing pages. After stealing credentials from a victim, this infrastructure can redirect the victim to malicious advertisements including distribution of potentially unwanted applications or programs (PUA or PUP) like rogue browser installers.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Unit 42 has the story.

Topics: Phishing

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

Stu Sjouwerman

ABOUT STU SJOUWERMAN

Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

Read more from Stu »

Subscribe the KnowBe4 Blog

Version_2F_225x600

Posts By Topic

View all topics >