Kaspersky Phishing Kits CybersecurityCybersecurity

Kaspersky shows how scammers create fake pages using phishing kits

In 2021, Kaspersky researchers blocked 1.2 million individual phishing pages based on 469 phishing kits, which are ready-made fake page templates, that allow cybercriminals to launch phishing attacks effortlessly.

Since a phishing site can be blocked quickly, fraudsters are keen to generate these pages quickly and in large numbers. Using phishing kits, even an inexperienced phisher can create hundreds of phishing pages in a short time.

According to the cybersecurity solutions firm, one of the most common phishing techniques is to create a fake page for a well-known brand, where users are prompted to leave their personal data.

Report outlines cost of data breach on enterprises, SMBs in 2021
What employees should know about password reset notifications scams

“It takes a long time to create these sites manually, and not all phishers have the necessary web development or site administration skills,” Kaspersky said. “The use of phishing kits, however, requires a minimum amount of effort from the phisher. Just a short instruction attached to the template being sold is enough for attackers without advanced technical skills to carry out a phishing attack.”

Phishing kits

The company also explained that in addition to these templates, some phishing kits contain scripts for sending messages on popular messaging services or via email with phishing links contained. This spamming software automates the mass-mailing process and allows fraudsters to send out hundreds of thousands of phishing emails as bait for potential victims.

“The developers of phishing kits don’t stop at just basic schemes and continue to come up with new, advanced add-ons, such as detection evasion tools,” Kaspersky said. “By adding obscured or garbage code to generated pages, developers make it harder to detect and block the site.”

This code is often just a lot of incoherent text, so buyers of phishing kits, especially novice users, don’t look closely at it. Some dishonest developers take advantage of this and add this extra code not only to the page but also to the code responsible for transmitting the information.

“By doing this, they can steal the data that the buyer of their product managed to collect and use it for their own purposes,” the cybersecurity solutions company said.

Darknet

According to Kaspersky, phishing kits are actively sold on the darknet or in closed Telegram channels. Prices vary depending on the complexity of a particular template, costing anywhere from $50 and $900 in these Telegram channels, which specialize in the sale of tools for phishers. The simplest kits can even be found for free in the public domain.

Many developers offer entire packages on the darknet such as Phishing-as-a-Service, which includes phishing kits. These packages provide a full range of services from creating fake sites for any well-known brand to launching an entire data theft campaign that includes target research, phishing emails, as well as encrypting and sending the stolen data to a client.

Having possession of a phishing kit’s source code, it is possible to block all the fake pages that have been created using this template. For example, last year Kaspersky researchers detected 469 phishing kits, which allowed them to block 1.2 million individual phishing websites.

To protect yourself from phishing attacks, Kaspersky recommends:

  • Checking the link before clicking. Hover over it to preview the URL and look for any misspellings or other irregularities.
  • It’s good practice to only enter a username or password over a secure connection. Look for the HTTPS prefix before the site’s URL, indicating the connection to the site is secure.
  • Sometimes emails and websites look genuine, depending on how well the criminals have done their work. Despite their similarity to the original ones, these pages are a lot more dangerous.
  • It’s better not to follow links from suspicious emails at all. Check the link from the letter with the domain of your bank.
  • Avoid logging in to online banking or similar services via public Wi-Fi networks. Hotspots are convenient, but it’s better to use a secure network. Open networks can be created by criminals who, among other things, spoof website addresses over the connection and redirect you to a fake page.
  • Install a trusted security solution and adhere to its recommendations. These secure solutions will solve most problems automatically and alert you if necessary.

“We recommend that companies keep track of new phishing kits targeting their clients or employees,” Kaspersky said. “You can receive information about phishing kits through services that provide data on cyberthreats, such as Kaspersky Threat Intelligence Portal. If you want to check if the page is legitimate, enter the link into the Threat Intelligence Portal search and get the statistics on it, including information about phishing kits.”

In order to avoid phishing schemes on the web, it‘s a good idea to install Safe Browser Extension. This extension can block phishing websites, known to contain malicious downloads or stop malware from downloading onto the user’s computer.