This phishing kit is wreaking havoc on thousands of victims

Scams may also have been used in several other campaigns

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurityresearchers have discovered aphishingkit that’s being used by different threat actors to scam people around the world.

Researchers atvpnMentorchanced upon two different campaigns that used slightly altered versions of the phishing kit, to target people mostly living in Israel and France.

“According to our research, the first scammer successfully collected 380 Israelicredit cards. That’s a conversion rate of over 8.5% – quite an accomplishment by phishing standards,”notesvpnMentor.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

The researchers have already notified the credit card companies, though they admit they can’t yet put a number on the effectiveness of the second scam.

Emerging trend

Emerging trend

In the first scam, the attackers masqueraded as the UPS courier services and scammed over 4400 people. While a majority were Israeli citizens, there were individuals from the US, Brazil, Saudi Arabia, and from all over Europe.

The second scam targeted customers of the Crédit Agricole Bank in France, and is thought to have tricked about 1700 people.

Irrespective of the impact of the scams, vpnMentor argues that the implications of the attack are far more worrying.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Instead of being devised by the attackers, the researchers believe the phishing kit was probably acquired by newbie internet scammers hoping to dabble in online fraud to make a quick buck.

“This is becoming an increasingly popular form of cybercrime – ‘hobby hackers’ with minimal technical experience buying easy-to-use tools like phishing kits to try out cybercrime, often just for fun,” share the researchers.

In fact, vpnMentor was able to discover the phishing kit only because the “hobby hackers” were inexperienced enough to leave their database of the scammed information completely unsecured and unencrypted.

While the cost of such activities may not be as high as more sophisticated, high-profile campaigns likeSolarwinds, their damage can quickly add up, because of the large attack surface area.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

MacBook Air OLED reportedly delayed until at least 2028 – here’s why