DIY phishing kits available on the Web

DIY phishing kits available on the Web

Do-it-yourself phishing kits are available for download free of charge on the Internet, according to anti-virus technology vendor Sophos.

Sophos says anyone surfing the Web can now get hold of these kits and launch a phishing attack, which uses spam e-mail to direct computer users to fake Web sites in order to deceive them into giving over their personal financial data.

The DIY kits contain all the graphics, Web code and text required to construct bogus sites, which can be designed to have the same look-and-feel as legitimate online banking sites. Spamming software is also included, which enables fraudsters to send out hundreds of thousands of phishing e-mails as bait for potential victims.

Graham Cluley, senior technology consultant at Sophos says until now, phishing attacks have been largely the work of organised criminal gangs, but the emergence of these build-your-own-phish kits means that anybody can now mimic bona fide Web banking sites and con customers into disclosing financial information such as passwords, PIN numbers and account details.

"There is plenty of profit to be made from phishing. By putting the necessary tools in the hands of amateurs, it's likely that the number of attacks will continue to rise," he adds.

Cluley says Web hosts and ISPs can also play their part in the fight against phishers by closing down Web sites offering kit downloads.

Comments: (0)