Browse Definitions :
Definition

phishing kit

TechTarget Contributor
By

A phishing kit is a collection of software tools that makes it easier for people with little or no technical skills to launch a phishing exploit. Phishing is a type of internet scam in which the perpetrator sends out spoofed e-mails or text messages that appear to come from a legitimate source. The goal is to trick the recipient into performing a specific action that will benefit the attacker -- typically, this involves getting the victim to click on a malicious link, open an infected attachment or authorize a transfer of funds.

A phishing kit typically includes Web site development software that has a simple, low-code/no-code graphical user interface (GUI). This type of crimeware kit typically comes complete with email templates, graphics and sample scripts that can be used to create convincing imitations of legitimate correspondence. For an additional price, some kits may also include lists of e-mail addresses, telephone numbers and software for automating the malware distribution process.

Security experts recommend that users refrain from clicking on links in unexpected messages purporting to be from a site they have financial dealings with. If unsure whether a message is valid, users should go directly to the official site and seek information there, or contact the site's customer service department.

Phishing as a Service kits (PaaS kits)

According to Cyren, a SaaS security provider, cloud-based phishing-as-a-service kits are available on the dark web for as little as $50 a month. When phishing websites are hosted on legitimate public cloud services, criminals are able to present legitimate domains and SSL certificates, which can trick even the most experienced end user into thinking a given phishing web page or email is trustworthy.

Popular security exploits

Phishing kits are often used to carry out the following cybersecurity exploits:

Spear phishing - an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.

Whaling - a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO.

SMiShing - a security attack in which the user is sent a text message designed to tricks them into downloading a Trojan horse, virus or other malware.

Vishing - an electronic fraud tactic conducted by voice email, VoIP (voice over IP), landline telephone or cellular telephone.

This was last updated in March 2020

Continue Reading About phishing kit

Networking
  • local area network (LAN)

    A local area network (LAN) is a group of computers and peripheral devices that are connected together within a distinct ...

  • TCP/IP

    TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of communication protocols used to interconnect ...

  • firewall as a service (FWaaS)

    Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis ...

Security
  • identity management (ID management)

    Identity management (ID management) is the organizational process for ensuring individuals have the appropriate access to ...

  • fraud detection

    Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses.

  • single sign-on (SSO)

    Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for ...

CIO
  • IT budget

    IT budget is the amount of money spent on an organization's information technology systems and services. It includes compensation...

  • project scope

    Project scope is the part of project planning that involves determining and documenting a list of specific project goals, ...

  • core competencies

    For any organization, its core competencies refer to the capabilities, knowledge, skills and resources that constitute its '...

HRSoftware
  • recruitment management system (RMS)

    A recruitment management system (RMS) is a set of tools designed to manage the employee recruiting and hiring process. It might ...

  • core HR (core human resources)

    Core HR (core human resources) is an umbrella term that refers to the basic tasks and functions of an HR department as it manages...

  • HR service delivery

    HR service delivery is a term used to explain how an organization's human resources department offers services to and interacts ...

Customer Experience
  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...

Close