ITBusiness.ca

Hacking pros offer free phishing kits to wannabe scammers

In a twist, security researchers have discovered a group of hackers who are exploiting a new category of victims — aspiring Internet scammers.

A Moroccan group called “Mr. Brain” is offering free phishing kits on a Web site hosted in France, said Paul Mutton, Internet services developer at Netcraft, a security company in Bath, England.

The software packages make it easy to quickly set up a fraudulent Web site mimicking a known brand in order to trick people into divulging credit card details or bank account numbers. Templates for spam e-mail are also included, targeting brands such as Bank of America, eBay, PayPal and HSBC.

Mr. Brain’s Web site lists the kits and what kind of details each one is capable of collecting, such as usernames, passwords or Social Security numbers. Netcraft posted screenshots on its Web site.

But what the aspiring scammer doesn’t know is that the phishing kits are designed to send any sensitive information that’s collected back to e-mail accounts controlled by Mr. Brain, Mutton said.

“Obviously, that’s why they are offering this stuff for free,” Mutton said. “I was impressed by it.”

Mr. Brain hides the special e-mail function in a blend of PHP scripts, one of which is encrypted, Mutton said. Just in case someone decrypts it, Mr. Brain has written at the top of the file “Don’t need to change anything here. Created by Mr. Brain Morocco Team.”

The scheme seems to be targeted at new phishers, Mutton said. Mr. Brain benefits since other wannabe scammers shoulder the cost and risk of finding an ISP (Internet Service Provider) to host the phishing site, Mutton said.

“Essentially, they’re exploiting all these novice phishers — basically getting them to do all the hard work,” Mutton said.

It’s difficult to tell without further research how many of the free phishing kits linked with this latest scam are live on the Internet, but Mutton said Netcraft noticed one earlier this month targeting Bank of America.

“Clearly, these are actively being used in phishing attacks,” Mutton said.

Comment: edit@itworldcanada.com

Exit mobile version