Phishing-as-a-Service Fuels Evasion Methods, Email Scam Growth
Over the past years, phishing campaigns have become the most rampant form of cybercrime and an exponentially increasing threat to organizations. The vast majority of organizations have been targeted by phishing. Scammers increasingly target corporate users with phishing scams that allow them to steal credentials that can be used for BEC scams, social engineering, or to steal confidential information.
In order to execute a phishing campaign, threat actors are required to have some basic technical knowledge to utilize phishing kits, compromise sites to host the phishing landing pages that are used to steal credentials, and to create realistic spam campaigns.
To overcome this barrier of entry, new criminal sites are being developed that provide a Phishing-as-a-Service that includes a phishing kit and hosting for phishing forms at a very low cost. This allows would-be criminals with little technical knowledge to easily get started with their own phishing campaigns.
The motive behind this is that phishing sites are easy to promote and lead to a faster return on investment (ROI). Phishing, as part of social engineering schemes, lures victims into executing actions without realizing the malicious drive. The less aware the targeted user is, the more fruitful the attack.
The phishing templates that are available include Sharepoint, Office 365, LinkedIn, OneDrive, Google, Adobe, Dropbox, DocuSign, and many more. These templates range from $30 to $80 and include one month of hosting for the page.
In a recent report by cloud-based security provider Cyren, these new services have enabled the rapid growth of new phishing campaigns being created.
“Today’s reality is that we are seeing more evasive phishing campaigns in the hands of more attackers at less effort and lower cost than in the past, as technically sophisticated phishing attack developers have adopted a SaaS business model to let even the most amateur criminal wanna-be spoof targeted web sites with a high degree of authenticity and embedded evasive tactics,” stated the report by Cyren.
Reference:
Newsletter Sign Up
Contact Us
Learn more about what Techcess CyberSecurity Group can do for your business.
1-833-TXCYBER
1-833-892-9237
Techcess CyberSecurity Group
6110 Clarkson Lane
Houston, Texas 77055
Techcess CyberSecurity Group
Houston, Texas 77055