
DIY phishing kit for sale

Software automates phishing threat

A ‘universal man-in-the-middle’ phishing toolkit that could allow non-techies to set up fraudulent email attacks has been found on the internet by EMC's RSA division.

RSA reports that its AFCC (Anti-Fraud Detection Center) found the kit being offered in a free demonstration version on a criminal forum monitored by the company.

The kit - said to have a user-friendly interface designed to help the nontechnical criminal - automates the programming needed to pull off a normally tricky man-in-the-middle attack on websites such as banks or e-commerce sites.

Typically, the attack generated by the kit would start by duping users into clicking on a link embedded within a phishing email. This would direct them to a fraudulent URL able to communicate with the genuine website in real time, retrieving content from that site to make the scam appear as convincing as possible.

Apart from the fact that such attacks can be carried out quickly and simply on multiple websites, the kit gives criminals access to all information exchanged with the attacked site, not just the basic login. According to RSA, the kit qualifies as 'universal' because it can be used on any website, and thus attacks don't need to be tailored for each site.

"As institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets," said Marc Gaffan of RSA.

"While these types of attacks are still considered 'next generation', we expect them to become more widespread over the course of the next 12-18 months," he said.

Working man-in-the-middle attacks are relatively rare but not unheard of by any means. Last year, the Sinowal Trojan was found circulating in Germany by Kaspersky Lab.

RSA was acquired by EMC last summer.

