Introduction
The proliferation of inexpensive phishing kits and subscription-based Phishing as a Service (PhaaS) platforms has significantly lowered the barrier for cybercriminals, enabling even those with minimal technical skills to execute sophisticated phishing attacks. This trend poses a growing threat to data security and privacy.
Description
Cheap phishing kits, available for as little as $25 on the Dark Web and platforms like Telegram, empower low-skilled criminals to steal sensitive data and launch malware attacks without needing direct interaction with the creators. These pre-made software bundles include ready-to-use fake websites, pre-written emails [2], and stolen contact lists [2], allowing users with minimal technical skills to execute professional-looking scams. Such malware can lead to complete loss of device control [1], file theft [1], data encryption [1], and ransomware attacks [1].
Additionally, subscription-based Phishing as a Service (PhaaS) platforms are on the rise, enabling criminals to conduct large-scale campaigns while outsourcing the technical aspects of their operations. In 2024 [1], the most impersonated brands in phishing attacks included Google [1], Facebook [1], and Microsoft [1], with nearly 85,000 fake Google URLs identified [1]. The riskiest file extensions for downloading unverified content were exe [1], zip, php, dll, and pdf [1]. Domains most affected by malware included video hosting [1], entertainment [1], and sports [1].
Research indicates a significant rise in phishing attacks [1], with over a million incidents detected in January and February 2024 [1]. The platform Tycoon 2FA was involved in 89% of these incidents [1], followed by EvilProxy at 8% and Sneaky 2FA at 3% [1].
Conclusion
The increasing accessibility of phishing tools and services underscores the urgent need for enhanced cybersecurity measures. Users are advised to enable multifactor authentication [1], scrutinize links for errors [1], and avoid free video hosting sites [1]. Heightened consumer vigilance is essential in this evolving threat landscape, as the sophistication and scale of phishing attacks continue to grow.
References
[1] https://www.cybersecurityintelligence.com/blog/for-sale-cheap-diy-cyber-crime-kits–8372.html
[2] https://www.techradar.com/pro/usd25-software-kits-to-steal-your-personal-details-are-freely-on-sale-on-dark-web-heres-how-to-remain-safe
