Phishing Leveled Up with Phishing As A Service
Phishing has always been an issue and quite of an annoyance and now with phishing leveling up to Phishing As A Service gives criminals the ability to subscribe to working phishing templates that are sure to trick every day regular people.
Microsoft found a service that makes it easy to create phishing attacks. It’s called PhaaS, or Phishing-as-a-Service. The service is mostly used by hackers to create quick phishing attacks. Microsoft discovered the service is responsible for many recent phishing attacks against corporations.
The group of cyber criminals started this phishing service, and it even offers an email delivery service. The group’s name is BulletProofLink (or Anthrax). It sells phishing kits and templates under a subscription or single payment-based business model. In addition, it offers credential theft and hosting services and says that its links to websites will not be detected by search engines.
Why I’m Worried
In the past, phishing sites only targeted banks, but today’s criminals can impersonate any business. This PHaaS company provides about 120 frequently updated templates to help the cyber criminal. If someone is willing to pay a little extra, a phishing site can be set up in a day. This means that the service operator can steal your credentials and sell them to other people. This combination of stealing and reselling credentials is called double theft .
A new technique for phishing has emerged on the dark web, this technique makes it possible to have unique phishing pages for every person you target. If you can hack the DNS (Domain Name System), you can use it. This tactic has become more popular as it takes less effort to send out phishing pages and increases your chances of successful phishing.
What we can do
To avoid these attacks that aim to steal data, Microsoft recommends that organizations employ anti-phishing policies that will keep the data safe. As a reminder PhaaS is a service that can help malicious hackers deploy ransomware on compromised networks