In addition, at least one of them is potentially affiliated with the OpIsrael political hacking group.
What is a Phishing Kit?
The goal is to trick potential victims into performing several actions that benefit the scammer somehow.
These include:
In the past, phishing campaigns required specific technical skills to be convincing and successful.
A typical phishing kit includes:
Phishing kits make cybercrime accessible to anyone with a laptop and internet connection.
No technical skills are required.
Various file formats storing sensitive data
Now, lets take a look at how this phishing kit was being used.
They were then directed to a payment page to pay for the delivery.
Other countries targeted include the US, Brazil, Saudi Arabia, and much of Europe.
Various file formats storing sensitive data
Whos Behind The Scam?
The directory listing contained scripts for the text sent to Israeli targets, written in broken Hebrew.
So, at the very least, we can most likely rule out an Israeli crime gang.
feels like the party operating the phishing kit are based in Morocco.
We suspect these entries belong to the scammer.
These included:
Poor phrasing:The texts targeting Israeli residents contained numerous grammatical errors.
False sense of urgency:Recipients were pressured into paying quickly to secure the delivery of their package.
We believe this phishing campaign successfully scammed up to 1,700 people in France.
Whos Behind This Scam?
The person running this scam didnt do a very good job of hiding their identity.
Thats a conversion rate of over 8.5% - quite an accomplishment by phishing standards.
The scammer may have hoped to sell the credit card details to another party, rather than using them.
Privacy Affairs research states that Israeli credit cards including CVV numbers could be sold for $65 each.
We currently dont know how effective the second scam was.
However, as weve already notified the credit card companies affected by both scams, the files are redundant.
Nobody could use them in a successful fraud any longer.
Unfortunately, many people are uneducated on how to spot an internet scam.
And as cybercrime becomes easier and more accessible to just about anyone, people will continue to fall victim.
But they will quickly add up.
One server we uncovered connected to the phishing kit was also being used for OpIsrael attacks.
They often work hand-in-hand or complement each other due to shared interests and targets.
Our researchers use large-scale web scanners to search for unsecured data stores containing information that shouldnt be exposed.
They then examine each data store for any data being leaked.
The purpose of this web mapping project is to helpmake the internet safer for all users.
Wenever sell, store, or expose any informationwe encounter during our security research.
Our ethical security research team has discovered and disclosed some of the most impactful data breaches in recent years.
This has includedexposing the growing popularity of cybercrime groups on Telegram.
We also revealed howa data leak by the biggest US baby apparel chainhad compromised 100,000s of customers data.
You may also want to read ourVPN Leak Report and Data Privacy Stats Report.
Help Us Protect The Internet!
Check the Leak Box here »
like, comment on how to improve this article.
