Group-IB specialists report that sales are growing in the market for phishing kits (“builders” for the mass creation of phishing sites). Experts attribute the growing popularity of phishing kits to the low barrier to entry into this market and the simplicity of the earning scheme. In 2019, the brands that phishing kit creators most often chose for their fake pages were Amazon, Google and Office 365.
According to the Group-IB team, which analyzed hundreds of underground forums, the number of active sellers of phishing kits increased by more than 120% in 2019 compared to the previous year. As expected, the number of unique ads posted on these resources also more than doubled.
The cost of a phishing kit has also increased, doubling compared to 2018. On average, developers asked $304 for a phishing kit last year, with prices ranging from $20 to $880. For comparison, in 2018 the prices of phishing kits ranged from $10 to $824, and the average was $122.
As a rule, the cost of a phishing kit depends on its complexity, namely on the quality and number of phishing pages, as well as on the availability of additional services such as technical support from the developer. Sometimes phishing kits are even offered on forums for free. This is not due to the sellers' generosity but to the likely presence of backdoors that allow the kits' authors to gain access to the compromised data.
Last year, Group-IB Threat Intelligence detected over 16,200 unique phishing kits. However, detecting them keeps getting harder: cybercriminals try to hide the use of a phishing kit, remove it from the code or resort to various concealment methods. As a result, only 113,460 of the 2.7 million detected phishing pages, that is, 4%, made it possible to identify “traces” of the phishing kits used.
The growing demand for phishing kits is also evidenced by the number of unique email addresses found in them: according to CERT-GIB, this figure grew by 8% last year. This may indicate an increase in the number of kit operators.
To attract buyers, the developers of phishing kits use well-known brands with a large audience, which in theory should make fraudulent schemes easier to carry out for the future owners of such kits.
In 2019, the brands most commonly used in phishing kits were Amazon, Google, Instagram, Office 365, and PayPal, while Exploit, OGUsers, and Crimenetwork made up the top three online platforms for trading phishing kits.
“Phishing kit developers are the driving force behind the phishing business worldwide. One person can stand behind the creation of hundreds of phishing pages and earn thousands of dollars from this, while remaining undetected for a long time. Therefore, the focus of cybersecurity experts should shift from blocking phishing pages to searching for and identifying the creators of phishing kits. In the practice of Group-IB, there are a number of investigations thanks to which it was possible to reveal the identities of the developers of phishing kits. By sharing such information with relevant law enforcement agencies and ensuring the detention of cybercriminals, Group-IB aims to prevent the further spread of this “disease” and to combat not its manifestations in the form of phishing pages, but its causative agents, the creators of phishing kits, making their work economically disadvantageous,” comments Dmitry Volkov, CTO, Head of Threat Intelligence and co-founder of Group-IB.