They saw an extraordinary amount of sensitive customer account information, obtained the latest phishing kits, located and examined the tools used by phishers, trolled sites buying and selling identities, and even social engineered a few scammers.
In this interview, they expose the tactics and tools that phishers use, illustrate what happens when your confidential information gets stolen, discuss how phishers communicate and even how they phish each other.
What are phishing kits and how are they distributed?
Rios: Phishing kits are the tip of the iceberg, they are the piece of the phishing eco system that everyone sees and knows about. The typical phishing kit consists of the HTML that makes up the forged site that the user sees and the backend logic that used to steal the victims information. Most phishing kits are probably created by a small number of individuals and typically sold on phishing forums. Although the various kits have different front ends and HTML content, the back end logic is surprisingly similar for most of the kits we've seen. These kits are used over and over again and most of the phishing sites you've seen are probably a variant of small set of phishing kits. Many think that phishing sites are all custom jobs that a particular phisher has developed and deployed. The reality is pre-made, ready-to-deploy, turnkey sites are already created for practically every major organization that you can think of. All a phisher has to do is purchase the latest kit and deploy, no technical expertise or coding skills are really required. All the phisher typically has to do is place their email address into one line of code and they have a ready to deploy phishing site.