


by SentinelOne

Phishing Scams as a Service? Thieves Make It Easier To Steal Passwords

Nov 08, 2016 (3 mins)


Do you think it’s easy for hackers to steal your passwords? 

In the past, this may not have been the case, but like most things, the technology has improved. Now malware developers are offering phishing as a service (PHaaS), which makes it simple to set up a fake login page and then ask people to sign in to it.

No Technical Skills Required 

It used to be that hacking required technical prowess to create malware. Now it’s becoming possible for non-technical people with criminal intent to create a malware attack, and these service providers are making it easy. 

These types of attacks are being offered as malware as a service, a model that allows malware developers to sell their malicious software as an online service. One example is the new Russian website called Fake-Game. This website gives subscribers access to custom phishing links which they can then send to victims.

Does it work? So far the site claims that 60,000 active users have stolen almost 700,000 usernames and passwords. 

With an easy-to-use interface and dashboard, subscribers can view the credentials they stole from victims. These credentials can then be sold for $.015 to $15.39 USD each.

Here’s What You Need To Do To Protect Yourself 

Regularly change your passwords and keep them unique so that if your password is stolen you can minimize the risk to other accounts. 

When you go to a site to enter your credentials (Facebook, Instagram, etc.), get in the habit of looking at your address bar and verifying that the page is actually where you expect it to be before you try to log in.

Use two-factor authentication if the site allows it. An article in TechTarget states that “two-factor authentication is a security process in which the user provides two means of identification from separate categories of credentials; one is typically a physical token, such as a card, and the other is typically something memorized, such as a security code.”
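The address-bar check recommended above can also be done mechanically before a link is opened. The following is an added example, not code from SentinelOne or the original article: it accepts a link only when its host exactly matches a login host you expect, over HTTPS. The allowlist, the function name `checkLoginUrl`, and the sample links are assumptions made for illustration.

```javascript
// Added example. The allowlist is an assumption: list the exact hosts where
// you expect to type each password.
const EXPECTED_LOGIN_HOSTS = new Set([
  "accounts.google.com",
  "www.facebook.com",
  "www.instagram.com",
  "steamcommunity.com",
]);

// Decide whether a link leads to a host you expect to sign in on.
// Returns { ok, host, reason }.
function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, host: null, reason: "not a parseable URL" };
  }
  // Normalize: lower-case, drop a trailing root dot.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { ok: false, host, reason: "not HTTPS" };
  }
  // Anything before '@' is login info for the URL, not the site name.
  if (url.username || url.password) {
    return { ok: false, host, reason: "userinfo before '@'" };
  }
  if (EXPECTED_LOGIN_HOSTS.has(host)) {
    return { ok: true, host, reason: "exact match" };
  }
  // A known name embedded in a different host is a lookalike, not a match.
  const brand = [...EXPECTED_LOGIN_HOSTS]
    .map((h) => h.replace(/^www\./, ""))
    .find((h) => host.includes(h));
  return {
    ok: false,
    host,
    reason: brand ? "lookalike of " + brand : "host not on allowlist",
  };
}

// Constructed sample links (reserved .example names, not real sites).
const samples = [
  "https://accounts.google.com/signin",
  "http://www.facebook.com/login",
  "https://accounts.google.com@login.example/",
  "https://www.instagram.com.profile-check.example/?id=1234",
];
for (const s of samples) console.log(s, "->", checkLoginUrl(s));
```

The `host` field in each result is what the browser will actually connect to, which is the value to compare against the site you meant to visit.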

Phishing scams like Fake-Game are an actual working business model that allows thieves to rent malware rather than having to make a one-time purchase. Like a legitimate business, Fake-Game even offers customer service via web chat.

Fake-Game has a Gmail phishing page that looks just like the real page on the Google property. The malware creator even has a feature that will verify credentials once they are entered. 

Now thieves can send a message that pretends to be from a legitimate website and asks the user to log in. After the user logs in, the hacker has access to their account.

Phishing Scams Made Easy 

Once they arrive on the site, thieves are able to pick which social media or network they wish to use. Some options are Instagram, Facebook, Steam, and Gmail. Fake-Game then creates a URL that has a unique affiliate ID. It uses this ID to track which customers should get the stolen credentials once they are entered. 

Even though phishing scams are getting easier for thieves, the tips in this article can protect you from losing your information. Follow these tips and invest in endpoint security protection like SentinelOne to keep your network safe.