Phish in a Barrel: Hunting and Analyzing Phishing Kits at Scale
https://duo.com/blog/phish-in-a-barrel-hunting-and-analyzing-phishing-kits-at-scale [duo.com]
2017-11-01 15:04
Phishing is a business, and business is booming. To make phishing campaigns more efficient, attackers will often reuse their phishing sites across multiple hosts by bundling the site resources into a phishing kit. These kits are uploaded to a (typically compromised) host, the files in the kit are extracted, and phishing emails are sent pointing to the new phishing site. Sometimes, however, the attackers get lazy and leave the phishing kits behind, allowing anyone—including security researchers—to download them.