Interpol Shut Down Phishing-As-A-Service (PAAS) Platform That Hacked 70,000 Users

Interpol Shut Down Phishing-As-A-Service (PAAS) Platform That Hacked 70,000 Users. Due to phishing-as-a-service (PAAS) platforms, cybercriminals typically have a one-stop shop to conduct phishing attacks.

These platforms include email distribution, ready-made phishing kits for recognizable companies, hosting, data proxying, victim overview dashboards, and other features that assist their operations to be more successful.


In a worldwide operation led by INTERPOL, a notorious “phishing-as-a-service” platform known as “16shop” has been shut down.

Indonesian officials have arrested the site’s operator, and one of its facilitators, and another was arrested in Japan.

Particularly, these platforms pose a serious concern because they reduce the entrance barrier for novice hackers and give them a quick and affordable option to start committing phishing attacks.

“Cyberattacks such as phishing may be borderless and virtual in nature, but their impact on victims is real and devastating,” Bernardo Pillot, INTERPOL’s Assistant Director of Cybercrime Operations.

Interpol in Shut Down Operation

The 16shop platform reportedly featured phishing kits that targeted accounts from a variety of companies, including Apple, PayPal, American Express, Amazon, and Cash App, according to Group-IB, which supported Interpol in the takedown operation.

According to Group-IB’s telemetry data, 16shop created 150,000 phishing pages that mostly targeted users in Germany, Japan, France, the USA, and the UK.

According to Interpol’s release, phishing websites made using 16shop compromised at least 70,000 people in 43 different countries.

Personal information, account emails and passwords, ID cards, credit card numbers, and phone numbers are among the data obtained in these attacks.   

The INTERPOL team assembled and sent a criminal intelligence report to the Directorate of Cyber Crimes of the Indonesian National Police, enabling local law enforcement to arrest the administrator, a 21-year-old man, and seize electronic equipment as well as numerous high-end automobiles.

Two facilitators were identified and arrested as a consequence of further information being provided between the National Police Agency of Japan and the Indonesian National Police.

Phishing is not a new phenomenon, but when crimeware is widely available on subscription and used to automate phishing campaigns, it makes it possible for anyone to use this type of service to launch a phishing attack with just a few clicks.

To prohibit crime-ware from being marketed as a service and to stop additional individuals from being victims of phishing attempts, authorities claimed that this operation would remove the underlying issue.

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.