Phishing Kits

Let's make a phishing attack (just kidding). The easiest way to do so is to obtain a pre-made phishing kit. Phishing kits represent a significant and growing danger. These tools, readily available in the darker corners of the internet, empower even technically unsophisticated criminals to launch effective phishing campaigns. This post aims to demystify phishing kits, explore their dangers, and provide practical advice on safeguarding against these insidious threats.


Phishing kits are pre-packaged sets of tools and resources designed to facilitate phishing attacks. The parts of a phishing kit can be broken down into the following components:

  • Email templates
  • Webpage clones (usually scraped from the legit site)
  • Scripts and code repositories 
  • Hosting Platforms
  • Delivery Systems
  • Readme & docs
  • Premium services
    • Real-time data analysis tools
    • Customer service*
    • Social engineering tools


These kits are designed for ease of use, allowing attackers to launch phishing campaigns with minimal technical know-how. As discussed in one of my previous talks, there is an entire economy around phishing kits. Some of them even have customer service after the purchase of the kits to provide assistance. This leads to why phishing kits are used in the first place. 

They are easy to use: with the documents and support, very few technical skills are required to buy a kit. The hardest part is probably finding the kit; the rest is mostly set up for you. The kits also have a high return on investment. They are cheap, and with only a few responses they have paid for themselves. With a mass-produced attack, using these kits makes it harder to trace the attacks back to the fraudster (yes, I said that unironically).

Phishing kits are dangerous for several reasons. They are widely available and easily purchased; malicious actors can obtain these kits from marketplaces. Modern kits are increasingly sophisticated, making them hard to distinguish from legitimate sources. Additionally, they are pretty easy to get. You can find them on dark web marketplaces, hidden online platforms that offer a variety of kits for sale. They are sold in person or on peer-to-peer networks. They are shared among fraudster circles. Someone needs to make the secret sauce, so some opt to create their own using online tutorials (a risky and less favored approach).

Once the phishing kit is bought, the next steps include:

  1. Set up phishing page: These attacks are typically hosted on compromised servers or through anonymizing services. It's not useful to buy premium hosting, as the hosting provider will know your identity and quickly terminate the attack. Then the page needs to be customized to better trick the victim. Customizing the attack may allow specific brands to have their look and feel on the page.
  2. Send email campaigns: The mass emails are sent, luring victims to the phishing page. The attacker's kit will hopefully have some spam filter evasion techniques to bypass filters and actually reach your mailbox. This is why some scam emails have strange characters in place of typical letters: to defeat keyword detection on subject lines that may be fraudulent.
  3. Launch the attack: Ensure the phishing website is live and capturing data. The data should be sent to the drop site, which may be a form, email inbox, or separate webshell.
  4. Data collection & pharming: When victims enter their information, it's captured and sent to the attackers. Stolen information is either used for further attacks or sold on other marketplaces.
  5. Clean-up: Remove traces of activity from hosting services, especially if they are on compromised services. From the start it'll help if VPNs and/or proxy servers are used to mask the original attack. Then logs are also cleared from relevant systems that the attacker has access to, such as destroying and creating new webshells.
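
The following added example, not part of the original post, shows the filter-side counter to the look-alike characters described in step 2: fold the subject line to what a reader perceives before keyword matching, and flag words that mix scripts. The confusables table, keyword list and sample subjects are constructed for illustration.

```python
import unicodedata

# Constructed, deliberately small look-alike table; a production filter would
# load the full Unicode confusables data (UTS #39) instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "\u03bf": "o", "\u03b1": "a", "\u03b9": "i",                  # Greek
    "0": "o", "1": "i", "3": "e", "5": "s", "@": "a", "$": "s",   # digit/symbol swaps
}
KEYWORDS = ("verify", "account", "password")  # sample watch list (assumption)

def skeleton(text):
    """Fold a subject line to the plain form a human reader perceives."""
    out = []
    # NFKD maps fullwidth/styled letters to ASCII and splits off accents.
    for ch in unicodedata.normalize("NFKD", text):
        if unicodedata.category(ch) in ("Mn", "Cf"):
            continue  # drop combining marks and zero-width/format characters
        ch = ch.lower()
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)

def mixed_script_words(text):
    """Words whose letters span scripts (script = first word of the Unicode name)."""
    flagged = []
    for word in text.split():
        scripts = {unicodedata.name(c, "?").split(" ")[0] for c in word if c.isalpha()}
        if len(scripts) > 1:
            flagged.append(word)
    return flagged

def analyze_subject(subject, keywords=KEYWORDS):
    folded, raw = skeleton(subject), subject.lower()
    hits = [k for k in keywords if k in folded]
    return {
        "skeleton": folded,
        "keyword_hits": hits,
        # Keywords visible only after folding point to deliberate obfuscation.
        "obfuscated_hits": [k for k in hits if k not in raw],
        "mixed_script_words": mixed_script_words(subject),
    }

SAMPLES = [  # constructed subject lines
    "Verify your account password",
    "V\u0435rify your \u0430ccount",    # Cyrillic e and a
    "Pa\u200bssw0rd expires today",     # zero-width space plus digit swap
]
if __name__ == "__main__":
    print([analyze_subject(s) for s in SAMPLES])
```

Folding digits to letters is only safe for matching, since it also rewrites genuine numbers; keep the original subject for display and logging.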

It's rare that the person who creates the kit is also the same person who uses it, and the person who uses the stolen data. Using your own stuff creates a high risk of exposure, more legal ramifications, and higher risk. 

Also, it requires some amount of skill to pharm-to-table these attacks, and typically people stick to their skills: either building, buying, hosting, selling, or pharming the data. By selling these kits, creators can earn consistent income with lower risk compared to using the kits themselves. The demand for easy kits is high, making the sale of phishing kits a lucrative business and a more consistent form of income than trying to hope your phishing site works.

The kits are so easy that they sometimes also attack their buyer and steal their information, because attackers are gonna attack. Engaging in phishing using their own widely sold kits could mean the creators risk falling victim to security measures that have adapted to their own tools. The phishing landscape is highly competitive, with many players. Creators might prefer to avoid direct competition in this crowded field. Sellers make their money by selling these kits while staying well-hidden to dodge legal trouble. Recognizing their methods is key in crafting effective cybersecurity defenses. It's all about understanding the entire phishing landscape, not just the threats themselves, to stay one step ahead.

 Kits are pretty easy to use, cheap, have a high ROI, and are an easy starter for the beginning fraudster. Don't do kits, kids. 
