Cybersecurity Awareness Month: What to know about phishing-as-a-service

Here’s what to do now that aspiring hackers can buy a phishing kit online.

For almost 20 years, October has marked the beginning of Cybersecurity Awareness Month, which is dedicated to helping individuals protect themselves online as threats to technology and data become more common. This year, the Cybersecurity and Infrastructure Agency and the National Cybersecurity Alliance have created a month-long campaign—“See Yourself in Cyber”—to demonstrate that, although it sounds complicated, cybersecurity can impact any and all people across a number of channels.

In the past, becoming a successful hacker had several barriers to entry. Hackers needed substantial knowledge to create attacks and high-end technology to execute. Until this point, the difficulty in accessing information and equipment helped prevent cyberattacks and limited the number of bad actors out there.

However, these tools have become more accessible and now, hackers are even selling their services for anyone to purchase. One of the most common “hacker-as-a-service” offerings is “phishing as a service.” Today, anyone can commit a cybercrime; all they need to know is where to look, who to contact and how much they are willing to pay.

What is PhaaS?

Phishing-as-a-service allows hackers to charge for access to the resources and knowledge necessary to launch a successful phishing attack. With few obstacles to entry, PhaaS has inspired a new generation of cybercriminals to try their hand at phishing. Using web forums, these fraudsters sell “phishing kits” that contain all the components needed to launch an email assault. All they must do is download a kit from a PhaaS vendor and follow the instructions, allowing attacks to be formed and fulfilled quickly. Since hackers are only selling the software and not carrying out the attack, they live in the gray area of legality.

 

continue reading »