Site icon IT World Canada

How a phishing-as-a-service operation works

One of the reasons phishing is still a major tactic used by attackers is that it’s so easy to get started thanks to phishing-as-a-service (PhaaS) offerings by cybercrooks.

Microsoft has released a report on one of them, called BulletProofLink, which sells phishing kits, email templates, hosting, and automated services at a relatively low cost.

“With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today,” the report says.

“BulletProofLink (also referred to as BulletProftLink or Anthrax by its operators in various websites, ads, and other promotional materials) is used by multiple attacker groups in either one-off or monthly subscription-based business models, creating a steady revenue stream for its operators.”

The report also warns that PhaaS operations include the “double theft” of stolen credentials: Captured usernames and passwords are sent to both the phishing-as-a-service operator and the cybercrooks who buy the service.

As an example of what can be bought, the report includes a screenshot of a BulletProofLink product page offering a realistic-looking but fake Microsoft Office 365 login page for US$100, a fake login page for the DHL courier service for US$100 and a fake DocuSign page for US$80.

(Image by Microsoft)

As with ransomware-as-a-service, PhaaS operations allow attackers to buy large portions of or complete phishing campaigns, including false sign-in page development, website hosting, and credential parsing and redistribution.

Many phishing service providers also offer a hosted scam page solution they call “FUD” Links or “Fully undetected” links, says the report, which are viable until users click them. Attackers who pay for these services receive the stolen credentials later on.

To help their customers, BulletProofLink or its aliases offer YouTube and Vimeo pages with instructional advertisements as well as promotional materials on forums and other sites. Customers can communicate through Skype, ICQ, forums, and chat rooms. It also offers a 10 per cent welcome discount on customers’ orders when they subscribe to their newsletter.

To build resilience against phishing attacks in general, the report says infosec teams should use anti-phishing policies to enable mailbox intelligence settings, as well as configure impersonation protection settings for specific messages and sender domains. Microsoft also strongly urges organizations to adopt multifactor authentication to prevent stolen credentials from being abused.

 

Exit mobile version