Researchers at vpnMentor (opens in new tab) chanced upon two different campaigns that used slightly altered versions of the phishing kit, to target people mostly living in Israel and France.
“According to our research, the first scammer successfully collected 380 Israeli credit cards (opens in new tab). That’s a conversion rate of over 8.5% – quite an accomplishment by phishing standards,” notes (opens in new tab) vpnMentor.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
>> Click here to start the survey in a new window (opens in new tab) <<
- These are the best endpoint protection tools (opens in new tab)
- Here's our choice of the best malware removal (opens in new tab) software on the market
- Check our list of the best firewall apps and services (opens in new tab)
The researchers have already notified the credit card companies, though they admit they can’t yet put a number on the effectiveness of the second scam.
In the first scam, the attackers masqueraded as the UPS courier services and scammed over 4400 people. While a majority were Israeli citizens, there were individuals from the US, Brazil, Saudi Arabia, and from all over Europe.
The second scam targeted customers of the Crédit Agricole Bank in France, and is thought to have tricked about 1700 people.
Irrespective of the impact of the scams, vpnMentor argues that the implications of the attack are far more worrying.
Instead of being devised by the attackers, the researchers believe the phishing kit was probably acquired by newbie internet scammers hoping to dabble in online fraud to make a quick buck.
“This is becoming an increasingly popular form of cybercrime – ‘hobby hackers’ with minimal technical experience buying easy-to-use tools like phishing kits to try out cybercrime, often just for fun,” share the researchers.
In fact, vpnMentor was able to discover the phishing kit only because the “hobby hackers” were inexperienced enough to leave their database of the scammed information completely unsecured and unencrypted.
While the cost of such activities may not be as high as more sophisticated, high-profile campaigns like Solarwinds (opens in new tab), their damage can quickly add up, because of the large attack surface area.
- Protect your devices with these best antivirus software (opens in new tab)