Threat Details
PayPal users beware: security researchers from Proofpoint have come across an innovative high-end phishing kit that automates the process of building and expanding phishing pages. Moreover, it is extremely efficient at collecting login and user credentials from PayPal users. As stated by the researchers, the phishing kit could be used to develop multi-stage phishing pages that collect user information and then log the data in a backend for later exploitation, which could include financial transactions to fraudulent accounts across borders. See the data collection process below:




Researchers at Proofpoint state that the high-end phishing kit checks for valid PayPal email addresses and validates data in real time as soon as the user submits details. It analyses the authenticity of the login credentials and credit card numbers, including whether the card number satisfies the Luhn algorithm.
The standout feature of this new phishing kit is that the pages it creates are designed to detect fake login credentials and hence avoid them altogether. The other feature is that it comes with a backend GUI. An admin panel like the one described is currently quite rare, although analogous panels exist in connection with APT activities and ‘white hat’ phishing frameworks.
A peek into the backend panel of the phishing kit:


On closer inspection, the phishing kit’s backend panel (5) had an option to enable a ‘Selfie’ page, which is something new in this regard. The selfie page uses Flash to connect to the user’s webcam and take a photo of the victim’s face, which can then be used to validate transactions or for biometric systems. With such high-end, sophisticated tools at their disposal, crooks can become highly efficient in targeting users of PayPal and possibly other such services.
Quick Tips to Protect Against Spear Phishing Attacks
- Typing the URL directly into the browser is the most secure way of accessing any intended website, and it avoids falling victim to links with hidden malicious URLs received in the body of an email. This precaution is one of the simplest and most effective ways to avoid being victimized by phishing attacks.
- In corporate environments, it is always ideal to restrict outgoing traffic so that users cannot browse to malicious websites through phishing emails and leak sensitive credentials to criminals.
- A secure browser is a new technology available on the market that can protect the technology environment from malicious software, but it still cannot stop sensitive data from leaking to a fake website.
- Configure conventional data security solutions effectively to detect credentials flowing to suspicious websites, that is, sites other than whitelisted regular websites like PayPal and Skrill.
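
One way to express the last tip as detection logic, as an added example that is not part of the original article: flag outbound form submissions that carry a Luhn-valid card number to a host outside an allowlist. The event format, host names and allowlist below are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts where card data is expected to be submitted.
ALLOWED_HOSTS = {"www.paypal.com", "www.skrill.com"}

# 13-19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_valid(number: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    digits = [int(c) for c in number if c.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(number: str) -> str:
    """Keep only the last four digits so alerts do not store card data."""
    digits = re.sub(r"\D", "", number)
    return "*" * (len(digits) - 4) + digits[-4:]

def find_card_leaks(events):
    """Return alerts for Luhn-valid numbers posted to non-allowlisted hosts."""
    alerts = []
    for url, body in events:
        host = (urlsplit(url).hostname or "").lower()
        if host in ALLOWED_HOSTS:
            continue
        for field, value in parse_qsl(body, keep_blank_values=True):
            for m in CARD_RE.finditer(value):
                if luhn_valid(m.group()):
                    alerts.append((host, field, mask(m.group())))
    return alerts

# Constructed sample events: (destination URL, urlencoded POST body)
SAMPLE_EVENTS = [
    ("https://www.paypal.com/signin", "cc=4111111111111111"),
    ("https://paypal-secure.example/step2", "name=A+User&cc=4111+1111+1111+1111&cvv=123"),
    ("https://shop.example/track", "order=1234567890123456"),
]

if __name__ == "__main__":
    for alert in find_card_leaks(SAMPLE_EVENTS):
        print(alert)
```

The Luhn filter keeps arbitrary 16-digit values such as order numbers from raising alerts, and exact host matching means a look-alike domain is not treated as the real service.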