Microsoft Discovered a Massive Phishing-as-a-Service Operation

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

On September 21, Microsoft’s security team announced that it has discovered a huge operation that delivers phishing services to cybercrime gangs via a hosting-like infrastructure that the OS maker equated to a Phishing-as-a-Service (PHaaS) model. 
The service, known as BulletProofLink, or Anthrax, is now being promoted on underground cybercrime forums. The service is an extension of “phishing kits,” which are compilations of phishing websites and templates that seem like login forms from well-known firms. 
BulletProofLink takes this to the next level by including built-in hosting and email-sending capabilities. Customers pay an $800 charge to register on the BulletProofLink site, and the BulletProofLink administrators manage everything else. 
The part of the service includes establishing up a web page to host the phishing site, installing the phishing template itself, configuring domain (URLs) for the phishing sites, sending the actual phishing emails to desired victims, collecting credentials from attacks, and then delivering the stolen logins to “paying customers” at the end of the week. 
If criminal networks wish to change up their phishing templates, the BulletProofLink group has a different marketplace where threat actors may buy new templates to utilise in their assaults for $80 to $100 per template.
According to The Record, there are approximately 120 distinct phishing templates accessible on the BulletProofLink shop now. 

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: Microsoft Discovered a Massive Phishing-as-a-Service Operation

Liked it? Take a second to support IT Security News on Patreon!
Become a patron at Patreon!