A phishing-as-a-service (PaaS) platform which may have been responsible for over 150,000 phishing domains has been taken offline after an Interpol-led operation, the policing group said.
Interpol teamed up with investigators in Indonesia, Japan and the US and industry partners the Cyber Defense Institute, Group-IB, Palo Alto Networks Unit 42, Trend Micro and Cybertoolbelt to make the arrests.
PaaS operation “16shop” sold phishing kits designed to lower the barrier to entry for budding cyber-criminals, enabling them to easily set up phishing websites at scale for various brands including Apple, PayPal, American Express, Amazon and Cash App, according to Group-IB.
These kits would sell for $60–$150 depending on the targeted brand, and automatically display relevant content depending on the victim’s location, to steal payment details and credentials in eight languages, the threat intelligence firm added. Victims hailed from Germany, Japan, France, the USA, the UK, Thailand and elsewhere.
Read more on PaaS: "Greatness" Phishing Tool Exploits Microsoft 365 Credentials
Interpol claimed that 16shop helped cyber-criminals defraud 70,000 victims in 43 countries.
Thanks to “intensive intelligence-sharing” between multinational law enforcers and industry partners, the alleged administrator of the PaaS site was apprehended in Indonesia. Local police arrested a 21-year-old man, seizing electronic items and several luxury vehicles in the process.
Two other suspects were arrested in Indonesia and Japan.
“Phishing isn't a new phenomenon, but when the crimeware is being offer [sic] widely on subscription and to automate phishing campaigns, it enables any person to leverage this type of service to launch a phishing attack with a few clicks,” argued Adi Vivid Agustiadi Bachtiar, director of the Indonesian National Police’s Cyber Crime Directorate.
“This operation was only successful as we worked closely with various stakeholders from the law enforcement community as well as the private sectors, to uproot the root problem to stop the crimeware being offered as a service and also stopping more people from falling victim to phishing attacks.”