Free Phishing Platform Has Created More than 140,000 Spoofed Websites
A free phishing-as-a-service (PhaaS) platform named Sniper Dz has assisted in the creation of more than 140,000 phishing sites over the past year, according to researchers at Palo Alto Networks. The service allows unskilled criminals to spin up sophisticated phishing sites that steal credentials or deliver malware.
“For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages.” Phishers can either host these phishing pages on Sniper Dz-owned infrastructure or download Sniper Dz phishing templates to host on their own servers. Surprisingly, Sniper Dz PhaaS offers these services free of charge to phishers – perhaps because Sniper Dz also collects victim credentials stolen by phishers who use the platform to compensate for the cost of service.
The kit’s developers have taken measures to hide the phishing sites from security providers, so the sites stay up longer before being flagged as malicious.
“Sniper Dz uses a unique approach of hiding phishing content behind a public proxy server to launch live phishing attacks,” the researchers write. “The criminals behind this platform auto-setup the proxy server to load phishing content that is hosted on their server. We believe this approach could be useful in protecting their infrastructure from detection.”
The threat actors also abuse legitimate services to host the sites, which increases the likelihood that the phishing links will bypass security filters.
“Criminals using Sniper Dz often abuse legitimate software-as-a-service (SaaS) platforms to host phishing websites,” the researchers write. “When establishing their infrastructure, these phishers include popular brand names, trends, and even sensitive topics as keywords to lure victims into opening and using their phishing pages. After stealing credentials from a victim, this infrastructure can redirect the victim to malicious advertisements including distribution of potentially unwanted applications or programs (PUA or PUP) like rogue browser installers.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Unit 42 has the story.
Can hackers spoof an email address of your own domain?
Are you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit “CEO Fraud”, penetrating your network is like taking candy from a baby.
Now they can launch a “CEO fraud” spear phishing attack on your organization, and that type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.
Find out now if your domain can be spoofed. The Domain Spoof Test (DST) is a one-time free service. Run this test so you can address any mail server configuration issues that are found.
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/domain-spoof-test-partner?partnerid=001a000001lWEoJAAW