Browse Definitions :
Definition

phishing kit

A phishing kit is a collection of software tools that makes it easier for people with little or no technical skills to launch a phishing exploit. Phishing is a type of internet scam in which the perpetrator sends out spoofed e-mails or text messages that appear to come from a legitimate source. The goal is to trick the recipient into performing a specific action that will benefit the attacker -- typically, this involves getting the victim to click on a malicious link, open an infected attachment or authorize a transfer of funds.

A phishing kit typically includes Web site development software that has a simple, low-code/no-code graphical user interface (GUI). This type of crimeware kit typically comes complete with email templates, graphics and sample scripts that can be used to create convincing imitations of legitimate correspondence. For an additional price, some kits may also include lists of e-mail addresses, telephone numbers and software for automating the malware distribution process.

Security experts recommend that users refrain from clicking on links in unexpected messages purporting to be from a site they have financial dealings with. If unsure whether a message is valid, users should go directly to the official site and seek information there, or contact the site's customer service department.

Phishing as a Service kits (PaaS kits)

According to Cyren, a SaaS security provider, cloud-based phishing-as-a-service kits are available on the dark web for as little as $50 a month. When phishing websites are hosted on legitimate public cloud services, criminals are able to present legitimate domains and SSL certificates, which can trick even the most experienced end user into thinking a given phishing web page or email is trustworthy.

Popular security exploits

Phishing kits are often used to carry out the following cybersecurity exploits:

Spear phishing - an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.

Whaling - a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO.

SMiShing - a security attack in which the user is sent a text message designed to tricks them into downloading a Trojan horse, virus or other malware.

Vishing - an electronic fraud tactic conducted by voice email, VoIP (voice over IP), landline telephone or cellular telephone.

This was last updated in March 2020

Continue Reading About phishing kit

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • regulatory compliance

    Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business...

  • privacy compliance

    Privacy compliance is a company's accordance with established personal information protection guidelines, specifications or ...

  • data governance policy

    A data governance policy is a documented set of guidelines for ensuring that an organization's data and information assets are ...

SearchSecurity

  • asymmetric cryptography (public key cryptography)

    Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of related keys -- one public key ...

  • Evil Corp

    Evil Corp is an international cybercrime network that uses malicious software to steal money from its victims' bank accounts.

  • Plundervolt

    Plundervolt is a method of hacking that involves depriving an Intel chip of power so that processing errors occur.

SearchHealthIT

  • telemedicine (telehealth)

    Telemedicine is the remote delivery of healthcare services, such as health assessments or consultations, over the ...

  • Project Nightingale

    Project Nightingale is a controversial partnership between Google and Ascension, the second largest health system in the United ...

  • medical practice management (MPM) software

    Medical practice management (MPM) software is a collection of computerized services used by healthcare professionals and ...

SearchDisasterRecovery

SearchStorage

  • 3D NAND flash

    3D NAND is a type of non-volatile flash memory in which the memory cells are stacked vertically in multiple layers.

  • M.2 SSD

    An M.2 SSD is a solid-state drive (SSD) that conforms to a computer industry specification written for internally mounted storage...

  • RAID (redundant array of independent disks)

    RAID (redundant array of independent disks) is a way of storing the same data in different places on multiple hard disks or ...

Close