Phishing-as-a-Service

Introduction

IKEA, the famous Swedish home furnishing superstore, is incredibly successful. One of the secrets of their success is making the home DIY flat pack easy to use and very cost-effective. This means that now even a “do-it-yourself” novice like me can make my own bookshelves.

Cybercriminals, like legitimate businesses, are always looking for better business models. Now they have hit gold with Phishing-as-a-Service (PhaaS).

Welcome to the world of DIY flat-pack fraud.

Security Awareness

What is Phishing-as-a-Service and why is it a game-changer?

One of the barriers to entry into the world of cybercrime has been at the technical level. In the past, you had to make your own scam, from coding (including malware development) to hosting the spoof landing pages and selling the data harvested as part of the phish. The steps involved meant that it was quite a slow, painstaking and intensive process that involved:

  1. Designing the scam itself: This includes identifying targets, working out the best brands to spoof, deciding how the phish cycle will work (links? attachments?), what to do with the data collected and so on
  2. Designing and developing the phishing emails: Including setting up email servers, writing content, creating the malicious links and/or attachments
  3. Creating the spoof website: Phishing often involves tricking a person into revealing details such as personal data and/or financial information. It may also require a spoof login page to collect authentication credentials
  4. Consuming and using the collected data: The final stage: what to do with the phished data. Is it sold on via a darknet marketplace or messaging app group? Is it used to hijack an account?

Phishing-as-a-Service is a game-changer in the world of cybercrime because it removes a number of the above steps, especially the hard ones like hosting and design. No longer (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/t4As_R029g0/