What if we told you that cybercriminals are now developing methods to steal your information without leaving a trace back to them?

Unfortunately, this is a reality that we all need to be aware of.

The latest form of cyberattack is more dangerous than ever for this exact reason. Referred to by experts as “Heatstroke,” this attack method uses intense and creative techniques that differ from the methods hackers typically use.

The new technique relies on what is called a phishing kit. These kits are sold and marketed as “phishing-as-a-service.” The phishing kits have been strategically engineered to mimic websites that require a user to enter credentials and payment information, such as PayPal. The apparent legitimacy of these multi-stage websites can make it nearly impossible for a user to recognize that they are entering their information into a dangerous site if they are not properly trained through Security Awareness Training and aware of this most recent method of attack.

What is even scarier than the legitimate appearance of the websites linked to the phishing kits is the steps the developers of these kits have taken to ensure their attack is successful and untraceable.

A recent article by KnowBe4 shared a list of some tactics the phishing kits use to ensure this success.

  • Landing pages constantly change to bypass any webpage filtering.
  • The kit works against security vendors by blocking crawling services and vulnerability scanners.
  • The initial landing page is encoded in base64 to bypass firewalls and web scanning solutions.
  • Any stolen credentials are transmitted using steganography (where data is embedded within an image).
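
From the defender's side, the base64 tactic in the list above can be countered by decoding what a page carries before inspecting it. The following is an added example, not code from KnowBe4 or from the kit itself; the 40-character threshold, the marker patterns, the function names and the sample pages are all assumptions, and it goes slightly beyond the list by also following nested encoding.

```python
import base64
import binascii
import re

# Runs of base64 alphabet long enough to hold markup (threshold is an assumption).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# Markers of a credential or payment form (illustrative patterns, not a full list).
FORM_MARKERS = re.compile(
    r"<form\b|type\s*=\s*[\"']?password|name\s*=\s*[\"']?(?:cardnumber|cvv)", re.I)

def decode_candidates(content):
    """Yield the text decoded from each long base64 run found in content."""
    for match in B64_RUN.finditer(content):
        blob = match.group(0).rstrip("=")
        blob += "=" * (-len(blob) % 4)          # normalise padding
        try:
            raw = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue                             # not valid base64, ignore
        yield raw.decode("utf-8", errors="replace")

def hidden_form_findings(html, max_depth=3):
    """Return form markers that only become visible after base64 decoding."""
    findings = set()
    queue = [(html, 0)]
    while queue:
        content, depth = queue.pop()
        if depth > 0:                            # depth 0 is the page as served
            findings.update(m.group(0).lower()
                            for m in FORM_MARKERS.finditer(content))
        if depth < max_depth:                    # follow nested encoding
            queue.extend((t, depth + 1) for t in decode_candidates(content))
    return sorted(findings)

# Constructed sample pages, not captured from any real kit.
_FORM = '<form action="/next"><input type="password" name="pw"></form>'
_ONCE = base64.b64encode(_FORM.encode()).decode()
_TWICE = base64.b64encode(_ONCE.encode()).decode()
SAMPLE_ENCODED = '<html><script>document.write(atob("' + _ONCE + '"))</script></html>'
SAMPLE_NESTED = '<html><script>var p="' + _TWICE + '";</script></html>'
SAMPLE_PLAIN = "<html><body><p>Welcome back</p>" + _FORM + "</body></html>"

if __name__ == "__main__":
    for name in ("SAMPLE_ENCODED", "SAMPLE_NESTED", "SAMPLE_PLAIN"):
        print(name, hidden_form_findings(globals()[name]))
```

A form that is visible in the served markup is deliberately not reported here; the function only flags forms that a filter reading the raw page would miss.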

While the techniques behind this latest attack method are more advanced and different, the cybercriminals’ goal remains the same: to steal credentials and credit card information in order to further make their way into corporate networks.

Phishing kits are the latest method hackers are using, and they should be taken very seriously.

So what can you do to protect yourself? First and foremost, any and every email that requires you to log in or enter information should be examined closely. Even the most legitimate, harmless or seemingly common emails should be evaluated before you enter any credentials. Additionally, Security Awareness Training should be implemented for your employees to teach them what to look for and examine before entering credentials!

At The IT Company, our customers are highly encouraged to take their employees through Security Awareness Training. By doing so, we partner with them to work against the dangers of new and old methods of phishing attacks.

There is nothing more important to our team than your security and happiness. We strongly feel that Security Awareness Training can increase both of those elements. Want to learn more about Security Awareness Training and how it can elevate your company’s security, while simultaneously ensuring your happiness by allowing us to end your IT frustrations? Schedule a meeting today!