Phishing kits scam raging! Did you get these SMS, emails? Here is how to stay safe
Phishing is one of the most nefarious methods of stealing important information or credentials online, and targets the weakest link in the security -- the human sitting behind a screen. Researchers have now uncovered two phishing kits that are being used to scam people around the world, giving attackers important or private information which allows them to commit fraud or identity theft.
According to a report published by vpnMentor, a group of researchers have found that a phishing kit, as well as a slightly altered version of the kit, are being used to target people by criminal gangs. These were being used to target people who live in France and Israel, but could technically be used to target users anywhere in the world.
Also read: Looking for a smartphone? Check Mobile Finder here.
A phishing kit is how people with limited technical skills are able to make and direct their own phishing attacks on users around the world without advanced coding. This means that even amateur hackers can launch a phishing campaign, with the right phishing kit. Users are then targeted with SMS or emails that pretend to be a legitimate company trying to gain their confidence and convince them to part with their personal information.
Modus operandi of cybercriminals
The researchers found that the scams involved sending messages from global courier service UPS and Agricole Bank (in France). In the case of the former, it involved informing users that they had a package that they needed to collect, but that they would have to pay for delivery. As the scammers were amateurs, the hackers were able to find records of when a user clicked a payment link, credit card details of people tricked into paying, and other personally identifiable information (PII) from other credit cards. Users were targeted in Israel, US, Brazil, Saudi Arabia, and much of Europe, according to the researchers.
Phishing kit 'success rate'
“According to our research, the first scammer successfully collected 380 Israeli credit cards. That's a conversion rate of over 8.5% – quite an accomplishment by phishing standards,” the researchers stated, adding that the Israeli government should be investing more in educating its citizens about cybercrime, as over 380 credit cards had been affected by the scam which scammed over 4400 people. Meanwhile, the researchers do not know how effective the second scam was, which reportedly affected about 1700 people.
How to stay safe from Phishing kit scams
According to vpnMentor, users can spot scams by paying attention to details. Here is how to spot a phishing attack:
1. Looking for poor phrasing in messages and emails they receive
2. Look for a false sense of urgency that pressures users to take action quickly (to pay for a delivery, for example)
4. Look for hidden URLs or short-links like Bit.ly, which can be used to mask a fake website.
5. Verify the URL that they are clicking on and make sure their private data is not submitted by them on a fake website.
This way users can prevent themselves from becoming a victim of phishing and identity fraud.