Phishing Kit
In recent years, the phenomenon of cybercrime has grown exponentially. In particular, phishing is one of the forms of scam that is most afflicting the victims of cyber criminals, so much so that it has become a real trend in the sector. According to the latest quarterly report from the Anti-Phishing Working Group (APWG), more than 611,000 phishing attacks were detected between January and March 2021, with a peak of 245,711 attacks in January alone. Among the most widespread types of this scam is the Phishing Kit, which is nothing more than a collection of files installed on a "malicious" site which contains a code to steal information from users who connect to it.But that's not all. According to the trend of the moment, these kits are sold by hackers to other cybercriminals, who can thus install them on the site they want to target. By doing so, phishing attacks multiply dramatically, allowing even less experienced criminals to use complex code. " The most worrying aspect of these scams is the democratization of the attack. Even though I am not an expert in code, in fact, I can buy the kit made by some cyber criminal and, adjusting it to obtain the credentials, I can attack. In addition to having reduced the
complexity of developing the attack, the latter becomes within the reach of anyone, even the
inexperienced criminal.” - declares Lorenzo Asuni, Chief Marketing Officer of Ermes-Cybersecurity, an Italian company expert in information security.
Furthermore, as if that weren't enough, the kit allows both criminals to get their hands on the poor victim's sensitive data, thus causing her double damage. But there is good news, watch out! Containing a lot of data, the phishing kit can provide useful information on the techniques used for hacker attacks, up to lead us to the identification of cybercriminals. However dangerous, therefore, phishing kits still allow the competent authorities to trace who created them. There don't seem to be any original kits. Rather, they are clusters of correlated kits, which highlight the lack of experience of some cybercriminals who still manage to ensure the success of the attack by putting together codes developed by third parties.