Phishing Toolkits are Now More Sophisticated, says Symantec

According to Symantec the security company, its exploration of the phishing toolkit market reveals the way such toolkits bought and sold enable e-mail frauds in an increasingly professional, genuine-appearing trade that's devised for stealing users' data.

Fresh analysis by the anti-virus as well as security company of the phishing economy as also the way phishing toolkits facilitate easy-to-execute phishing campaigns has resulted in discovering that even with a very low price of $2 a toolkit could make a scammer dupe gullible users.

Symantec notes that during many years till now, phishing that involves dispatch of fake e-mails, web-links and documents for defrauding users into giving away their sensitive information, account logins alternatively making them download malicious software onto their computers can be seen as evolving.

Symantec explains that phishing scams don't anymore mean just phishing e-mails that some unforgotten uncle from Africa sent else the victim's bank directing him for altering his account details rather the attacks involve genuine-appearing spoofed electronic mails received not just from utterly strange ids, but even from the victims' own contacts whose A/Cs have been compromised.

With new malware toolkits along with templates arriving for sale on underground forums, phishing campaigns are being pushed forward with the addition of their fabrication and development.

According to a blog-post by Roberto Sponchioni, Security Researcher with Symantec, phishing toolkits are available in the price range $2-$10. These toolkits don't necessarily need technical skill for operating; merely the fundamental knowledge about PHP would enable their operators to craftily make the phishing pages for fulfilling the phishing requirements, the researcher explains. Securityweek.com published this, February 12, 2015.

Sponchioni continues that certain toolkits are pretty basic while just contain 2 web-pages; nevertheless, others seem increasingly professional as also persuasive, involving fourteen separate language files and over twenty five PHP files which the user may load as per his location. Usually, such phishing enables in imitating well-known websites' appearance that are of organizations handling banking, cloud storage, e-mail etc.

Finally, Symantec's analysis shows that out of 800 websites hijacked for hosting phishing toolkits, most have been in USA, with some more regions being India, Canada, Germany and Ukraine.

» SPAMfighter News - 2/19/2015