Phishing-as-a-Service: As Simple As Uploading A Logo

Phishing CybercriminalsResearchers at Fortra are tracking “Strox,” one of the most popular phishing operations of the past two years. Users of Strox phishing kits can easily create phishing campaigns by simply submitting a logo for the brand they want to impersonate.

“Currently, twelve phishing kits are sold on Strox for $90 USD each. A purchase of one of these kits includes a unique API key that promises the buyer continued development and updates of the page content and antibot information,” Fortra says.

“Customers are able to view demo phishing pages before buying them for use and may customize which pages are active when an attack is live. In all available kits, phishing content auto translates its language to match the selected language of the victim’s browser. The service claims that over 230 languages are available.”

Strox kits are easy-to-use and highly automated, allowing users to run multiple phishing campaigns simultaneously.

“All scam kits available from Strox include a real-time admin panel which allows the phisher to control and monitor their active attacks,” the researchers write. “Logging information on the pages provides a live look at the number of people currently looking at phishing content and the actions that are being taken. This functionality is also leveraged in man-in-the-middle style attacks to obtain two-factor authentication codes and bypass additional security checks. When the threat actor is not available to monitor phishing attacks, they may opt to set phishing attacks to a dormant state. This measure may prevent pages from being detected during times when they are unproductive.”

Notably, Strox also offers to set up bulletproof hosting infrastructure for customers’ phishing campaigns for just three dollars per day.

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Fortra has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews