Phishing and its effects, namely, identity fraud, continue to grow. Unfortunately, it is now easier than ever to carry out these kinds of attacks.

Cybercriminals are now using a new tool known as Super Phisher (detected by Trend Micro as HKTL_SUPERPHISER) has been released, which creates a phishing page from a legitimate website.

The tool creates all the files necessary for the phishing page such as an .HTML file that contains the actual page and a .PHP file that steals information and saves the stolen data to a .TXT file. In the screenshot below, note how the HTML page’s code refers to the local .PHP file and not the legitimate site (in this case, Yahoo!).

A would-be phisher then takes all the files and uploads these to a website under his/her control. This site could be a malicious, compromised, or even a free Web host that the phisher is abusing. It is then up to the phisher to lure users to the site he/she created.

While this tool allows cybercriminals to create phishing pages with greater ease and less time, thus producing more timely attacks, as needed, users can still take steps to protect themselves.

While the pages created by this phishing tool look identical to the legitimate site, it does not contain any code that obfuscates or manipulates the URL as seen in the user’s browser. While the phishing pages appear to be completely legitimate, the URLs they are hosted in do not.

To guard against threats like these, users must always be careful about the sites they enter personal information into. They must check that the site not only look legitimate but is also located in a legitimate URL. While cybercriminals may attempt to register domains with similar appearances, careful users should still be able between authentic and possibly malicious sites.

Trend Micro™ Smart Protection Network™ detects malware such as HKTL_SUPERPHISER using the file reputation service and protects users from accessing malicious sites via the Web reputation service.

Non-Trend Micro product users can also stay protected from such threats via free tools like Web Protection Add-On, which is designed to block access to possible malicious websites in real-time.