IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Criminals offer phishing kits on the net for free

Malware authors are giving away phishing kits to fraudsters for free in return for financial information on victims, according to an RSA report.

Phishing kits are on the increase and are being given away for free by their authors, according to a new report.

The kits are being offered on underground forum-based websites, often for no money, to criminals to use in attacks against financial institutions. Code is frequently inserted into the kits, meaning that stolen personal information from victims is sent back to both the creator as well as the criminal sending out the phishing email.

According to the latest RSA report, this harvesting of stolen credentials is the main reason why the authors of the kits are so willing to give away their products rather than charge for them.

Of particular note are Man-in-the-Middle phishing attacks. According to the threat report's authors, the increase in the number of these threats correlates with a greater number of discussions held by criminals on forums about "curl attacks", which is the name give to such attacks by fraudsters.

Christopher Young, vice president of Consumer and Access Solutions Group at RSA said that as institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets.

"While these types of attacks are still considered 'next generation', we expect them to become more widespread over the course of the next 12-18 months," he said.

"We are working with many organisations to ensure they are positioned to withstand whatever threats fraudsters may create. Some of these organisations have already deployed various layers of protection and others are in the process of strengthening their security."

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Open source giant Red Hat joins HPE GreenLake ecosystem
automation

Open source giant Red Hat joins HPE GreenLake ecosystem

28 Jun 2022
Carnival hit with $5 million fine over cyber security violations
cyber security

Carnival hit with $5 million fine over cyber security violations

27 Jun 2022