Phishing made easy - fraudsters develop 'plug and play' kit

All it takes is a click of a mouse to set up a fake banking web site

Fraudsters are making it easier to set up phishing sites

Fraudsters have developed a new ‘plug-and-play’ phishing kit that can be installed in two seconds to create fake banking web sites, according to RSA’s latest monthly Online Fraud Report.

The new kit, uncovered by the RSA Anti Fraud Centre (AFCC), is a single file that creates an operational phishing site on a compromised server at the click of a mouse, decreasing the fraudster's risk of being identified by the PC and network security systems.

The software runs on the compromised host once, and automatically creates the relevant directories and installs all the necessary files, such as HTML pages and images of the bank logo.

‘Within seconds after running a file, a complete phishing site is live,’ says the report.

Creating traditional phishing sites is more time-consuming, increasing the risk of detection as various files are installed one by one in the appropriate directories on a compromised server where the attack is hosted - forcing the hacker to access the server several times to install files manually.
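A defender-side illustration of the behaviour described above, added here and not taken from the RSA report: because the kit writes its directories, HTML pages and images in a single run, the files it drops share almost the same change time, which a file inventory of the web root can surface. The function name, the thresholds and the sample inventory are assumptions constructed for this example.

```python
from collections import defaultdict
from pathlib import PurePosixPath

def find_install_bursts(records, window=5, min_files=6, min_dirs=2):
    """records: (path relative to web root, change time in epoch seconds).
    Flags top-level directories where many files in several subdirectories
    appeared within `window` seconds. Thresholds are assumed values to tune."""
    by_top = defaultdict(list)
    for path, ts in records:
        parts = PurePosixPath(path).parts
        by_top[parts[0] if len(parts) > 1 else "."].append((ts, path))
    bursts = []
    for top, items in sorted(by_top.items()):
        items.sort()
        lo, best = 0, (0, 0)
        for hi in range(len(items)):
            # shrink the window until it spans at most `window` seconds
            while items[hi][0] - items[lo][0] > window:
                lo += 1
            if hi - lo > best[1] - best[0]:
                best = (lo, hi)
        chunk = items[best[0]:best[1] + 1]
        dirs = {str(PurePosixPath(p).parent) for _, p in chunk}
        if len(chunk) >= min_files and len(dirs) >= min_dirs:
            bursts.append({"root": top, "files": [p for _, p in chunk],
                           "span_seconds": chunk[-1][0] - chunk[0][0]})
    return bursts

# Constructed sample inventory (not from the RSA report): (path, epoch seconds)
SAMPLE = [
    ("blog/index.php", 1_200_000_000),
    ("blog/css/site.css", 1_200_400_000),
    ("blog/img/header.png", 1_201_000_000),
    ("uploads/2008/report.pdf", 1_205_000_000),
    ("uploads/2008/photo.jpg", 1_206_000_000),
    ("uploads/tmp/bank/index.html", 1_210_000_000),
    ("uploads/tmp/bank/login.html", 1_210_000_000),
    ("uploads/tmp/bank/verify.html", 1_210_000_001),
    ("uploads/tmp/bank/images/logo.gif", 1_210_000_001),
    ("uploads/tmp/bank/images/lock.gif", 1_210_000_001),
    ("uploads/tmp/bank/css/style.css", 1_210_000_002),
    ("uploads/tmp/bank/js/form.js", 1_210_000_002),
]

if __name__ == "__main__":
    for b in find_install_bursts(SAMPLE):
        print(b["root"], len(b["files"]), "files in", b["span_seconds"], "s")
```

Legitimate deployments and CMS updates also write many files at once, so a hit is a lead to check against change records rather than proof of compromise.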

The latest method has targeted just one financial institution, says the report, but the AFCC has shut down the attacks and the phisher’s email address. However, RSA believes that fraudsters will use the new kit to automate hijacking servers and creating new phishing sites.

The kits would ‘significantly decrease the workload involved in creating and launching new attacks,’ warns the report.

Some 70 per cent of all banks being phished are in the US.