Dutch police, working with Group-IB, recently arrested two hackers for their reported involvement in a phishing fraud-as-a-service scheme. The report also claims that the two had been selling and renting out complex phishing frameworks.
After detecting the attack, the police said that one of the suspects is a 24-year-old software engineer and the other is a 15-year-old boy.
Analysts who investigated the matter found that the two hackers were the main developer and sellers of the phishing frameworks.
Their main goal was to collect login data from bank customers, and they targeted many users in the Netherlands as well as Belgium.
The Crooked Journey
Generally, a Fraud Family phishing attack begins with an email, SMS, or WhatsApp message that poses as a message from a substantial company. During this malicious campaign, the fraudsters disguised the following:
- WhatsApp messages
They disguised these channels as legitimate messages from a local company in order to fool and loot their targets.
Such messages can be used in targeted attacks or sent out to multiple contacts at a time. In this kind of attack, the threat actors prefer to use well-known brands, because doing so helps them gain users' trust.
A Fraud Family Business
To gain trust and carry out the attacks, the cybercriminals of the Fraud Family built a sophisticated fraud-as-a-service infrastructure that is resilient to takedown efforts.
To execute the attacks, they use this infrastructure, which brings together the following:
- Ready-to-use phishing frameworks
- Hosting services
The investigators also found that the phishing frameworks include phishing kits with tools and resources used to steal data.
The framework also has a web panel that lets the threat actors interact with the actual phishing site; it is used to collect and manage the stolen user data.
Web Panels of the “Fraud Family”
The fraudsters also modified and customized the web panels, which are listed below:
- NL Multipanel
- Express Panel
- Reliable Panel
Recommendations of Group-IB
The cybersecurity experts at Group-IB have recommended some common mitigations, listed below:
- Stay alert and beware of anything sent to you.
- Do not click on any kind of unknown links.
- Always double-check the websites’ URLs.
- Always confirm the origin of suspicious messages with the original source.
- Do not share any credentials over email, messages, WhatsApp, or the phone.
- Official organizations do not use any type of link shortener.
Following this cyberattack, Group-IB is keeping a close eye on this kind of attack, including those by the Fraud Family. After arresting the two threat actors, the Dutch police sent a warning to the Fraud Family.
The investigations confirm that the Fraud Family has been linked to all of the threat activity that rose toward the end of 2020 and has continued into 2021.