Boris Vaynberg

by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Feb 18, 2019

There seems to be a kit available for everything nowadays.

The web is inundated with advertisements for kits to help with daily meal planning, weekly work planning, or even monthly wardrobe assistance. You can now even find phishing kits targeted at specific applications or cloud services that are good enough to fool an employee of the targeted company, or even the most frequent user of that application or service.

What is a Phishing Kit?

All brands have very specific brand guidelines to ensure consistency and global recognition. For larger brands, these guidelines are well known and can be easily duplicated in order to fool the average person with a phishing attack. Phishing kits provide a turnkey approach to attacking a specific target by providing all the materials using that target’s specific brand guidelines. CSO Senior Staff Writer Steve Ragan best explains what a phishing kit is:

“A phishing kit is the web component, or the back-end to a phishing attack. It's the final step in most cases, where the criminal has replicated a known brand or organization. Once loaded, the kit is designed to mirror legitimate websites, such as those maintained by Microsoft, Apple or Google.

The goal is to entice the victim just enough so they'll share their login details and other sensitive data, which will vary depending on the phishing scam. Developed using a mix of basic HTML and PHP, most phishing kits are stored on a compromised web server or website, and usually only live for about 36 hours before they are detected and removed.”

Mr. Ragan also talks about why phishing is so effective:

“Phishing attacks typically stress urgency or play on a person's willingness to help. Phishing attacks can also evoke a sense of fear, by warning of serious consequences. Sometimes you'll see this as a threat to suspended services, the loss of critical data, or various personal consequences. The most common observation, though, is that phishing attacks start by triggering the victim's sense of curiosity. This is why the victim opens the email to begin with.”

Microsoft Targeted by Most

We have reported at length on previous Microsoft vulnerabilities, so it comes as no surprise that Microsoft Office and Outlook top the list of targeted phishing attacks. This has been documented by SecurityWeek international correspondent Ionut Arghire in the article “Office 365, Outlook Credentials Most Targeted by Phishing Kits,” where he wrote:

“During the third and fourth quarters of 2018, Microsoft Office was the brand targeted the most by phishing kits, attracting 25.4% of assaults. At 17.2%, Yahoo was the second most targeted, followed by PayPal at 17.1%. Dropbox (9.8%) and Apple (5.0%) rounded up top five most targeted brands.”

Develop a Phish Prevention Ecosystem

The most effective phish prevention strategy is an ecosystem that accounts for three components: malware infiltration, email protection and human education.

Treating any executable code inside content as malicious makes your malware infiltration solution the best first line of defense. Combine that with targeted email threat protection and security awareness training for your employees, and you will have everything you need to protect against these advanced phishing kits in the hands of cybercriminals intent on extorting your organization.
