20 April 2018
visit www.nextgenbanking.co.uk

Phishers targeting phishers

25 January 2008  |  7900 views  |  0 ID Fraud

In a new twist, would-be fraudsters are being scammed by a gang offering free do-it-yourself phishing kits on the Internet, says e-security outfit Netcraft.

The kits are the work of a group of Moroccon fraudsters known as "Mr Brain", says Netcraft's Paul Mutton in a blog. Hidden code embedded in the kits sends any personal information stolen by would-be fraudsters back to Mr Brain.

The gang has launched a Web site offering kits for targets such as Bank of America, eBay, PayPal and HSBC. On offer to potential fraudsters are phishing site code, e-mail templates and other hacking tools. Mutton says the tools and code make it easy and quick for fraudsters to set up phishing sites with only a basic knowledge of PHP programming.

NetCraft says the gang's site claims the kits can be used to steal confidential data such as social security, credit card and PIN numbers. The gang claim the kits are undetectable by Mozilla, Opera and Internet Explorer browsers.

But, what the kits' users don't know is that hidden code sends the stolen details back to the Mr Brain group's e-mail accounts. Mr Brain disguises its e-mail address by exploiting the case-sensitivity in PHP variable names.

"Most fraudsters are unlikely to notice this level of obfuscation and will assume the script is working normally, as they will also receive a copy of any e-mails produced by the script," says Mutton in his blog.

"Such deception is a useful tactic for any fraudster who wishes to maximize the number of successful attacks, as the work of deploying the phishing sites and sending the mails is then carried out free of charge by novice fraudsters on behalf of the author," adds Mutton.

Earlier this month Mutton says he warned of a similar scam involving a kit that targets Bank of America customers.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Natwest most targeted by phishers

Natwest most targeted by phishers

23 January 2008  |  7949 views  |  0 comments
Dutch cops arrest 14 ABN Amro customers as phishing mules

Dutch cops arrest 14 ABN Amro customers as phishing mules

20 December 2007  |  8644 views  |  0 comments
US phishers targeting UK customers

US phishers targeting UK customers

18 October 2007  |  7960 views  |  0 comments
Phishers angling for fatter fish

Phishers angling for fatter fish

10 November 2006  |  8381 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.ebaday.comVisit http://response.ncr.com

Top topics

Most viewed Most shared
Revolut launches spare change savings toolRevolut launches spare change savings tool
9486 views comments | 14 tweets | 19 linkedin
TransferWise becomes first non-bank to open settlement account with BofE RTGSTransferWise becomes first non-bank to ope...
8425 views comments | 17 tweets | 30 linkedin
Barclays Bank sets up tech venture unitBarclays Bank sets up tech venture unit
8256 views comments | 16 tweets | 22 linkedin
Goldman Sachs acquires PFM startup Clarity MoneyGoldman Sachs acquires PFM startup Clarity...
7841 views comments | 9 tweets | 10 linkedin

Featured job

to $120K base, 200K ote, benefits
New York City, NY - USA

Find your next job