Blog

Phishing Kits and Tackle Boxes: Understanding the Danger and Being Prepared

July 14, 2015 | Heroix Staff

Fishers and phishers both use lures to attract the unsuspecting. Fishers of course catch fish, while phishers capture confidential data that can be used to gain unauthorized access to secure systems. Here's a closer look at how phishers go phishing and the tools they use. We'll also cover a few preventative tips to make sure you don't fall for phishing scams.

Phishing Kits

Professional phishers usually have a go-to tackle box or phishing kit that they use on their phishing endeavors. Some phishers make tackle boxes for themselves, but others use pre-made phishing kits. Pre-made phishing kits can come with email and proxy server lists, pre-generated HTML pages, hosting services, and even scripts to process user input.

What does the average phisher's tackle box look like?

Phishers don't have to be technologically advanced because they can purchase a virtual tackle box that comes with all the tools they'll need to start their phishing attacks:

  • Specialized malware
  • Technical deceit
  • Abuse of DNS
  • Bots/botnets
  • Session hijacking

Specialized Malware

Malware has become extremely sophisticated over the past few years. With the simple installation of malware on a single computer, phishers can spread through a network and dig themselves in to make complete removal extremely difficult. Once they're in, they can start stealing confidential information and sending it back over the internet to their own servers. Phishers have become incredibly successful at being able to redirect traffic from a legitimate web server to their own web site. Once the phisher's site is accessed from the victim's computer, they can infect the victim with malware, take advantage of browser vulnerabilities, or steal credentials when the user attempts to log on.

Technical Deceit

Because more people are becoming aware of phishing and how to identify deceitful online tactics, technical deceit has become more advanced as well. Phishers now have the capability to fully mimic web pages and dialog boxes, providing direct access to authentication information.

Botnets

A botnet is a large number of computers that have been infected with bot malware. When the malware is activated, the infected computers can be used to send spam, take part in DDOS attacks, steal credentials, etc. Bots are often deployed through social networking platforms via mass mailing, instant messaging features, and file-sharing applications. Phishers with control over the botnets can perform an assortment of illicit activities, including:

  • Proxy services
  • Sending spam and phishing emails
  • Surveillance
  • Installation of malware
  • Updating existing malware

Session Hijacking

Even though most phishing scams take place by leading a person to a malicious site, there are instances in which a session can be hijacked. By capturing cookies or session IDs, hackers can impersonate users, even if the user is logged on to a legitimate site following standard security practices.

Tips for Avoiding Phishing Scams

Now that you know what the average phisher's tackle box looks like, you can take measures to avoid phishing and malware. Tips to keep in mind include:

  • Learn about phishing: The only way to avoid a problem is if you know it exists, so make sure to keep yourself regularly updated on the latest phishing scams.
  • Use browser add-ons and plugins: All major browsers have add-ons, extensions and plugins that can looks for signs of phishing and provide warnings for sites with bad reputations.
  • Look for "https": On any site that you are asked to enter personal/financial information, make sure the URL link starts off with https instead of http. Https sites use security certificates that not only validate the identity of the site, but also encrypt any data you send over the internet.

Contact Heroix for more details on how you can detect malware and phishing in your network.