One, two…phish! Approximately two seconds is now all it takes to create phishing sites with the use of a new “plug and play” phishing kit that malicious users have fashioned to automate the installation of a phishing site. This significantly speeds up the phishing process, which normally requires a fraudster to access a compromised server several times, and lowers the risk of them being identified and caught by PC and network security systems.
The said toolkit is reportedly contained in a single file that, when double-clicked, creates entire phishing sites in a snap. It contains PHP and HMTL files, which have been previously used in other phishing attacks that target a certain financial institution, according to the RSA, the research division of EMC.
It was the RSA Anti-Fraud Command Center (AFCC) that conducted a forensic analysis that led to the discovery of the said toolkit. AFCC also claims to have mitigated the said attacks, as well as shut down the phisher’s email address, which was discovered within the PHP code.
This kind of phishing kit signals a disturbing development in online fraud. If similar toolkits emerge, phishing sites might grow exponentially and more people could fall for phishing attempts. Users should be alert to such attempts and give pause before giving away personal credentials online, especially when accessing banking-related sites. .
The full RSA Monthly Fraud Report for June can be downloaded here.