20 August 2017
visit www.avoka.com

Phishers targeting phishers

25 January 2008  |  7745 views  |  0 ID Fraud

In a new twist, would-be fraudsters are being scammed by a gang offering free do-it-yourself phishing kits on the Internet, says e-security outfit Netcraft.

The kits are the work of a group of Moroccon fraudsters known as "Mr Brain", says Netcraft's Paul Mutton in a blog. Hidden code embedded in the kits sends any personal information stolen by would-be fraudsters back to Mr Brain.

The gang has launched a Web site offering kits for targets such as Bank of America, eBay, PayPal and HSBC. On offer to potential fraudsters are phishing site code, e-mail templates and other hacking tools. Mutton says the tools and code make it easy and quick for fraudsters to set up phishing sites with only a basic knowledge of PHP programming.

NetCraft says the gang's site claims the kits can be used to steal confidential data such as social security, credit card and PIN numbers. The gang claim the kits are undetectable by Mozilla, Opera and Internet Explorer browsers.

But, what the kits' users don't know is that hidden code sends the stolen details back to the Mr Brain group's e-mail accounts. Mr Brain disguises its e-mail address by exploiting the case-sensitivity in PHP variable names.

"Most fraudsters are unlikely to notice this level of obfuscation and will assume the script is working normally, as they will also receive a copy of any e-mails produced by the script," says Mutton in his blog.

"Such deception is a useful tactic for any fraudster who wishes to maximize the number of successful attacks, as the work of deploying the phishing sites and sending the mails is then carried out free of charge by novice fraudsters on behalf of the author," adds Mutton.

Earlier this month Mutton says he warned of a similar scam involving a kit that targets Bank of America customers.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Natwest most targeted by phishers

Natwest most targeted by phishers

23 January 2008  |  7841 views  |  0 comments
Dutch cops arrest 14 ABN Amro customers as phishing mules

Dutch cops arrest 14 ABN Amro customers as phishing mules

20 December 2007  |  8511 views  |  0 comments
US phishers targeting UK customers

US phishers targeting UK customers

18 October 2007  |  7552 views  |  0 comments
Phishers angling for fatter fish

Phishers angling for fatter fish

10 November 2006  |  7974 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.niceactimize.comvisit www.worldpaymentsreport.comdownload the paper now

Top topics

Most viewed Most shared
Mobile contactless spending accelerating in UKMobile contactless spending accelerating i...
9213 views comments | 23 tweets | 23 linkedin
Norwegian banks and startups form fintech clusterNorwegian banks and startups form fintech...
7930 views comments | 19 tweets | 23 linkedin
RBS to bring Silicon Valley to EdinburghRBS to bring Silicon Valley to Edinburgh
7401 views comments | 10 tweets | 7 linkedin
hands typing furiouslyWhy Is Risk Analytics Important?
6757 views 0 | 1 tweets | 1 linkedin
hands typing furiouslyWhy Blockchain Might Not Be The Future For...
6532 views 1 | 5 tweets | 3 linkedin

Featured job

Competitive base and bonus, plus benefits
London, UK

Find your next job