Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Phishing-as-a-Service Platforms LabHost and Frappo Help Threat Actors Target Canadian Banks

    Financial Bank ScamAnalysis of attacks on banking institutions in Canada can be almost perfectly tied to the use and availability of phishing-as-a-service platforms, indicating increased use by threat actors according to new research by Fortra.

    With bank credentials being a lucrative target for phishing campaigns, threat actors are choosing platforms that do most of the work at a rapid pace. Why do all the work yourself when someone else has already built it and only charges a small monthly fee?

    According to analysts at cybersecurity company Fortra, two phishing-as-a-service platforms — Frappo and LabHost — have been steadily growing in use since their release in 2021, mostly targeting Canadian Banks.

    While monitoring attacks using these platforms, researchers noted an interesting alignment between a service outage of LabHost last November and a material drop in attacks targeting Canadian banks:

    Phishlabs Image 1

    Source: Phishlabs

    These platforms handle pretty much every part of the attack — from initial contact with the victim via SMS or email, to impersonated phishing pages, to man-in-the-middle services to obtain MFA codes, and more.

    What’s important to note is just how these platforms market their services on the dark web. As shown below, it’s literally no different than any other SaaS platform you want to subscribe to:

    Phishlabs Image 2

    Source: Phishlabs

    It’s also interesting to note that LabHost splits their platform based on the skill set of their customer, as well as by geography. The first two tiers on the left only cover brands in North America, while the third covers brands found worldwide.

    As threat groups become more sophisticated so easily for just a few hundred dollars a month, it’s evident that the individuals targeted need to be educated on such attacks via security awareness training to decrease the likelihood that they fall for these very convincing attacks.

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

     

    Return To KnowBe4 Security Blog

    Topics: Phishing, Security Awareness Training, Security Culture

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews