Criminals use free kits for phishing attacks

PandaLabs has discovered several free phishing kits on the Internet which allow cyber-crooks to send out fraudulent emails.

These tools allow cyber-crooks to spoof bank pages and emails, online payment platforms, Gmail and Yahoo! Mail accounts, online games (Xbox password theft) and blogs (Fotolog access credentials).

These kits operate as follows: upon accessing a URL that hosts the kits, users obtain the files needed to create a fraudulent email. One file allows them to spoof emails from banks, payment platforms, etc., and the other allows them to create a fraudulent page that resembles the original. Additionally, the kit includes a PHP program, which is also free, to send emails from the spoofed page.

The rest of the process is similar to other phishing cases: the false email is sent to several email addresses, with a link to a malicious page on which users are asked to enter the data the cyber-crooks are after: email addresses, bank passwords, etc.

Cyber-crooks can also choose how they receive the stolen data: TXT files stored on a server, a message in their mailbox, etc.
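For hosting providers and site owners, the kit layout described above (a PHP program that sends mail from the spoofed page, with stolen data delivered by mailbox or TXT file) suggests a simple triage check for uploaded PHP files. The following is an added example, not code from PandaLabs or from any kit; the regular expressions, file names and sample scripts are assumptions constructed for illustration.

```python
import re

# Heuristic patterns: assumptions made for this example, not signatures of a real kit.
READS_CREDENTIAL = re.compile(
    r"\$_(?:POST|REQUEST|GET)\s*\[\s*['\"][^'\"]*(?:pass|pwd|cvv)[^'\"]*['\"]\s*\]", re.I)
MAILS_OUT = re.compile(r"\bmail\s*\(", re.I)
WRITES_TXT = re.compile(
    r"\b(?:fopen|file_put_contents)\s*\(\s*['\"][^'\"]+\.txt['\"]", re.I)

def strip_comments(src):
    """Remove /* */ and // comments so commented-out code is not counted."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)(?<!:)//.*$", "", src)  # (?<!:) keeps "http://" intact

def classify(src):
    """Return the delivery channels a PHP script uses for submitted credentials."""
    code = strip_comments(src)
    if not READS_CREDENTIAL.search(code):
        return set()
    channels = set()
    if MAILS_OUT.search(code):
        channels.add("mail")
    if WRITES_TXT.search(code):
        channels.add("txt-file")
    return channels

# Constructed sample scripts (minimal fragments written for this example).
SAMPLES = {
    "send.php": '<?php mail($to, "new", $_POST["user"] . ":" . $_POST["password"]);',
    "save.php": '<?php $fh = fopen("log.txt", "a");\nfwrite($fh, $_POST["passwd"]);',
    "contact.php": '<?php // contact form\nmail("support@example.org", "Hi", $_POST["message"]);',
    "login.php": '<?php // mail($admin, $_POST["password"]);\n'
                 '$ok = password_verify($_POST["password"], $hash);',
}

def scan(samples):
    """Map each file name to its sorted channel list, keeping only flagged files."""
    return {name: sorted(c) for name, src in samples.items() if (c := classify(src))}

if __name__ == "__main__":
    for name, channels in scan(SAMPLES).items():
        print(f"{name}: credential fields delivered via {', '.join(channels)}")
```

A match is a lead for manual review rather than a verdict: an ordinary contact form or login handler is not flagged, but a legitimate script that both reads a password field and sends mail would be.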

