Phishing-as-a-Service Platforms LabHost and Frappo Help Threat Actors Target Canadian Banks



Financial Bank ScamAnalysis of attacks on banking institutions in Canada can be almost perfectly tied to the use and availability of phishing-as-a-service platforms, indicating increased use by threat actors according to new research by Fortra.

With bank credentials being a lucrative target for phishing campaigns, threat actors are choosing platforms that do most of the work at a rapid pace. Why do all the work yourself when someone else has already built it and only charges a small monthly fee?

According to analysts at cybersecurity company Fortra, two phishing-as-a-service platforms — Frappo and LabHost — have been steadily growing in use since their release in 2021, mostly targeting Canadian Banks.

While monitoring attacks using these platforms, researchers noted an interesting alignment between a service outage of LabHost last November and a material drop in attacks targeting Canadian banks:

Phishlabs Image 1

Source: Phishlabs

These platforms handle pretty much every part of the attack — from initial contact with the victim via SMS or email, to impersonated phishing pages, to man-in-the-middle services to obtain MFA codes, and more.

What’s important to note is just how these platforms market their services on the dark web. As shown below, it’s literally no different than any other SaaS platform you want to subscribe to:

Phishlabs Image 2

Source: Phishlabs

It’s also interesting to note that LabHost splits their platform based on the skill set of their customer, as well as by geography. The first two tiers on the left only cover brands in North America, while the third covers brands found worldwide.

As threat groups become more sophisticated so easily for just a few hundred dollars a month, it’s evident that the individuals targeted need to be educated on such attacks via security awareness training to decrease the likelihood that they fall for these very convincing attacks.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.




Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews