The Hidden Dangers of Phishing Kits for Seattle Business Leaders

As a successful Seattle business leader, you know how to keep on top of your task list. It’s highly likely that you rely on a few proven productivity hacks to get work done and, over the years, you’ve figured out some handy shortcuts that help you get tasks done faster. 

Unfortunately, cybercriminals have also created shortcuts to help them speed through their nefarious task lists. These shortcuts, known as “phishing kits,” could deeply endanger your company’s data, as well as your reputation. 

It’s time you knew the facts on phishing kits, so you can defend your Seattle business properly. 

What’s a Phishing Kit?

A phishing kit is a zip file of reusable phishing materials that help cybercriminals quickly and easily launch new phishing campaigns. They’re like a web template for carrying out phishing attacks. 

A phishing kit typically contains: 

  • HTML code files that clone the appearance of legitimate landing pages from companies like Apple, Dropbox, DocuSign, or Office 365
  • Code files that define what information to collect on a phishing form and where to send that information

Sometimes, phishing kits also include evasion techniques, such as built-in code that blocks cybersecurity researchers from viewing or accessing the phishing page, or code that makes the page generate a new URL each time it’s accessed. These new URLs are composed of long strings of random letters and numbers, which tend to trick people into thinking that the page is on the level. 

Can’t quite picture all this in your head? The awesome video below, brought to you by the folks at the cybersecurity video podcast Salted Hash, helps give you a glimpse into what phishing kits look like and what they contain. A good portion of the beginning of this video also focuses on how sophisticated phishing landing pages have become these days. It’s worth a watch.

Why Do Cybercriminals Use Phishing Kits?

As you can see, a phishing kit is kind of like a “Hacking in a Box” tool for cybercriminals. It creates a productivity-boosting shortcut that helps them launch phishing pages as soon as they purchase a new URL – and they need to purchase new URLs constantly.  

According to the experts over at CSO, phishing websites will last an average of only 36 hours before they’re identified and shut down. The kit creates a way for criminals to easily and quickly replicate their work across the web. 

Of course, phishing kits can also lead to passive income for enterprising criminals

Thought that “Hacking in a Box” concept was creepy? Even creepier is the fact that criminal-entrepreneurs sell these kits to each other on the Dark Web, and they scam each other by selling hacked kits

Yup, you read that right. As it turns out, some cybercriminals sell phishing kits that contain unsecured code, so they can steal the data their buyers collect. They also use this code to implant hidden malware in their phishing kits. Some criminals even sell pirated copies of other criminals’ phishing kits, and they lace these pirated kits with code that hacks the hackers! 

Considering that phishing kits can cost as little as $2.00 online, we’re guessing the thieves felt they needed to make a higher ROI or something. 

Why Seattle Business Owners Face Extra Danger from Phishing Kits

Okay, now you know what phishing kits are and why they’re a terrible risk for basically every scumbag who uses them, but you have no interest in using one. Plus, since you already know how to train your staff to avoid phishing attacks and you’ve already invested in a Datto business continuity solution, you don’t consider yourself in any real danger from these evil kits. 

Unfortunately, there’s one thing you may have overlooked: your website’s security. 

In our high-tech city, pretty much everyone hosts their own website, even the hot dog stands. As a successful business leader in the Seattle area, you’re pretty much required to maintain an active web presence at all times. That’s a lot of websites for organizations here in the city, yet very few companies have a process in place for updating their website’s backend (you know, like your WordPress version). 

Out of date websites are as vulnerable to hacking as any other out of date software, but since your WordPress site doesn’t send you an onscreen popup reminding you to patch your software every few weeks, it can be easy to forget about updates for years

When’s the last time you updated your website software? Do you know if you’re using the latest, most secure version? Unsecured, out of date sites are filled with vulnerabilities that create backdoors for cybercriminals and, once the criminals have broken in, they can upload whatever they want to your website – including phishing kits. 

Since security researchers have become adept at finding phishing kits stored online, cybercriminals naturally don’t want to store their kits on a site that could be tracked back to them. It isn’t like this is innovative behavior; Agatha Christie whodunnits are filled with criminals who hide the murder weapon or other suspicious items in other people’s luggage. In “The Case of the Mysterious Phishing Kit,” no one would be surprised to find an illegal phishing tool buried among the rest of the media on an innocent victim’s WordPress site, perhaps even yours

Luckily, no one’s going to seriously suspect you of cybercrime if they find a phishing kit amongst your unsecured website files. However, your web host may very well shut down your site if it’s hosting a phishing kit and, as we already established, Seattle business leaders need active websites to maintain their company’s brand and reputation. 

In short: You want to make sure you keep every single aspect of your business up to date and backed up, so you neither fall victim to a cybercrime attack nor become the unwitting host of a cybercriminal’s files. 

Sound like a lot to keep track of? It is. That’s why busy business leaders hire managed services providers (MSPs) that can give them a hand managing all their technology. 

Work with One of Seattle’s Only True MSPs: Interplay

Since 2001, Interplay has been helping non-profits, architecture firms, financial services firms, medical groups, and engineering companies secure, update, monitor, and back up every aspect of their business technology. We can help you track all the details: the whereabouts of your assets, the expiration dates on your software licenses, your version of WordPress, and — of course — your critical operating system and business software security patches and updates. But we don’t simply track the details; we also keep your company running smoothly around the clock because we’re not afraid to roll up our sleeves and get to work solving your trickiest tech problems. 

As one of Seattle’s longest-standing MSPs, we’re uniquely qualified to help monitor your systems for potential hacking activity, we can help you prevent most attempted cyberattacks, and we can strategize ways for you to get your company back to work fast, even if you do become the victim of cybercrime. 

 

Wondering if there are any more small but important details you’ve overlooked in your cybersecurity practices? We’ve got a handy tool for you. Complete the free Network & IT Health Self-Assessment, so you can discover and fix the gaps in your security, starting today.