Phishing Kits Continue to be Popular With Cybercrime Due to New User-Friendly and Sophisticated Features

phishing kits increase cybersecurityPhishing kits continue to grow more user-friendly and sophisticated, according to a new report from ZeroFOX. The report explains that these kits have become a fixed feature in the cybercriminal economy, with developers striving to make their products both effective and easy-to-use to appeal to a wider array of customers.

“Although this process is relatively simple in and of itself, a new category of tools on the fraud scene makes this process so easy that even the least capable of scammers is able to pull off a phishing campaign,” the researchers write. “These tools, called phishing kits, provide a turnkey scam that a low ability technical user can use to build out a phishing campaign on their own. Phishing kits generally include the code of the phishing website, infrastructure, and even distribution tools like mass mailers for a single fee. This allows phishing kit operators to run scams without having to worry about managing infrastructure or needing to design their own scams.”

ZeroFOX observes that phishing kit developers seem to be taking notes from legitimate SaaS vendors when they design their products. The higher-end phishing kit developers even offer visually appealing dashboards through which operators can manage and track the success of their campaigns, and they include built-in tutorial videos and training manuals. The kits are still relatively cheap, however, and most sell for under $100.

The researchers conclude that organizations need to take these observations into account when they design their defenses. Cybercriminals are constantly evolving their tactics, and they know how to get their phishing emails into users’ inboxes.

“A strong defense against phishing kits first requires an understanding of the tools and mechanisms attackers use to target organizations,” the researchers write. “Thinking like an attacker will enable your enterprise to be agile in identifying and tackling evolving threats like phishing kits. Defending against phishing attacks for your organization or your customers should be an approach that defends against an ecosystem rather than just a link in an email. Analyzing the kits, the developers behind the kits as well as the TTPs of the operators can provide a cybersecurity team a holistic view of who and what they are combating.“

New-school security awareness training can provide your employees with an essential layer of defense against phishing attacks by teaching them what they’re up against.

ZeroFOX has the story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews