Imperva says the phishing kit helps crooks set up fake sites purporting to belong to organisations such as banks to dupe personal and financial data from victims.

However, unknown to these hackers, the creators of the kit use a built in back door to harvest all the credentials. While the proxy crooks may find some success before their phishing sites are closed down, the masterminds gets everything without needing to conduct an open campaign.

The cloud-based approach of the kit - developed in Algeria with Arabic tutorials but itself in English - makes it far harder to shut down than normal phishing scams, says Imperva.

In traditional schemes when you take down a server you affect not only the Web page but also the back end data collection capability. In the cloud version, data collection is hosted separately from the sites which means hackers only need to repost the front end in a new location to be back in business.