Wednesday, March 4, 2009

Phishing Kit. Creator automatic of fraudulent sites

Cybercrime is on the agenda and crime put all their efforts on sophisticated and automate their criminal strategies to further fuel the whole network of criminals who are fueled by the profits at the expense of users.

One of the most common scams today are phishing attacks, where one of the methods normally used is the cloning sites of financial institutions and banks looking to get sensitive data through deception exposed on the weaknesses of the human factor.

However, the cloning site isn't always limited to a page similar to the real banks, but also can point your gun at popular sites and acquaintances as we saw in previous post.

Now the question is: how do you manage to automate the creation of fake pages?

Clearly, the answer round programs to create easy and simple as it belongs to the following interface.

These programs allow the cloning of a page with minimal effort which is embodied in the simple act of copying the source code of the real web, pass the program and make two clicks to get the fraudulent site, offering the possibility of "playing "the code and adapt it to seek benefits the attacker.

In this way to get the file structure that we mentioned days ago with the creation of a plain text file and login.php, getting results like this then spread through social engineering.

Very similar to a legitimate site where practically very difficult to detect deception for less experienced users in this type of criminal strategies.

On the other hand, this is a latent risk as this, to commit fraud in this style isn't limited to possess advanced knowledge of computers but just one person knows for copy and paste, using his fraudulent site within minutes.

Related Information
Phishing Kit In-the-Wild for cloning of web site, version 2 - Spanish version
Phishing Kit In-the-Wild for cloning of web site - Spanish version


# Jorge Mieres

No comments: