23 October 2017
visit www.avoka.com

Phishers targeting phishers

25 January 2008  |  7808 views  |  0 ID Fraud

In a new twist, would-be fraudsters are being scammed by a gang offering free do-it-yourself phishing kits on the Internet, says e-security outfit Netcraft.

The kits are the work of a group of Moroccon fraudsters known as "Mr Brain", says Netcraft's Paul Mutton in a blog. Hidden code embedded in the kits sends any personal information stolen by would-be fraudsters back to Mr Brain.

The gang has launched a Web site offering kits for targets such as Bank of America, eBay, PayPal and HSBC. On offer to potential fraudsters are phishing site code, e-mail templates and other hacking tools. Mutton says the tools and code make it easy and quick for fraudsters to set up phishing sites with only a basic knowledge of PHP programming.

NetCraft says the gang's site claims the kits can be used to steal confidential data such as social security, credit card and PIN numbers. The gang claim the kits are undetectable by Mozilla, Opera and Internet Explorer browsers.

But, what the kits' users don't know is that hidden code sends the stolen details back to the Mr Brain group's e-mail accounts. Mr Brain disguises its e-mail address by exploiting the case-sensitivity in PHP variable names.

"Most fraudsters are unlikely to notice this level of obfuscation and will assume the script is working normally, as they will also receive a copy of any e-mails produced by the script," says Mutton in his blog.

"Such deception is a useful tactic for any fraudster who wishes to maximize the number of successful attacks, as the work of deploying the phishing sites and sending the mails is then carried out free of charge by novice fraudsters on behalf of the author," adds Mutton.

Earlier this month Mutton says he warned of a similar scam involving a kit that targets Bank of America customers.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Natwest most targeted by phishers

Natwest most targeted by phishers

23 January 2008  |  7880 views  |  0 comments
Dutch cops arrest 14 ABN Amro customers as phishing mules

Dutch cops arrest 14 ABN Amro customers as phishing mules

20 December 2007  |  8568 views  |  0 comments
US phishers targeting UK customers

US phishers targeting UK customers

18 October 2007  |  7618 views  |  0 comments
Phishers angling for fatter fish

Phishers angling for fatter fish

10 November 2006  |  8043 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.niceactimize.comRegister nowvisit www.atos.net

Top topics

Most viewed Most shared
Mastercard to roll out blockchain APIMastercard to roll out blockchain API
19002 views comments | 26 tweets | 38 linkedin
HSBC partners Bud for open banking trialHSBC partners Bud for open banking trial
15062 views comments | 23 tweets | 32 linkedin
Sibos 2017: API or the highwaySibos 2017: API or the highway
10920 views comments | 12 tweets | 23 linkedin
Eight banks form joint venture to launch blockchain trade platformEight banks form joint venture to launch b...
8950 views comments | 14 tweets | 28 linkedin

Featured job

Competitive base, commission, benefits
London, UK

Find your next job