Hackers Birth Automated Phishing Kit that Never Dies

Dennis Faas's picture

Hackers have now started using what is being referred to as "indestructible" cloud computing-based phishing attacks.

In short, a phishing attack is a "criminally fraudulent process of attempting to acquire user names, passwords, and credit card details by masquerading as a trustworthy website." (Source: wikipedia.org)

For example, you may have received a dubious email asking you to "update" your banking information or to "change your online banking password." These are typical phishing scams whereby the information you input is stolen by fake websites masquerading as a bank and then used to drain your account.

Phishing Attacks Disrupted, but Not Gone

That said, the way a phishing attack is executed is somewhat complex. Up until now, most fraudulent phishing sites have been fought by taking down their main server, which essentially removes the fraudulent website and the point where data is collected.

With the cloud computing format, however, the data collection space is hosted separately from the actual phishing website, and hence, never dies. This is good news for hackers, since using a cloud-based methodology means that even if their phishing site is disrupted, scamsters simply re-post their site in a new location. This re-posting, and not its complete and utter removal, gives the phishing attack never-ending life. (Source: itpro.co.uk)

Master Hackers Dupe Subsidiary Hackers

The cloud-based method was reportedly created by two unnamed "master hackers" and posted on hacker forums across the Internet. The more hackers that used the method, the more information was stolen and sent to the master hackers. (Source: itpro.co.uk)

"The irony is that anyone using this kit becomes an unknowing member of the master hacker's army. When hackers use this kit and deploy a successful phishing campaign, all the stolen credentials and information goes straight back to the master hacker without the proxy hacker's knowledge. It's very clever. The master hacker never needs to conduct a campaign to see financial gain," says security strategy expert Rob Rachwald of Impervia. (Source: securecomputing.net.au)

Verified by Visa Protection Scheme Cloned

If indestructible phishing kits were not enough to have security companies reeling, consider the next threat: hackers have been able to successfully clone the Verified by Visa and MasterCard SecureCode protection features used by millions of online consumers each day. (Source: itpro.co.uk)

Rate this article: 
No votes yet