Browse Definitions :
Definition

phishing kit

A phishing kit is a collection of software tools that makes it easier for people with little or no technical skills to launch a phishing exploit. Phishing is a type of internet scam in which the perpetrator sends out spoofed e-mails or text messages that appear to come from a legitimate source. The goal is to trick the recipient into performing a specific action that will benefit the attacker -- typically, this involves getting the victim to click on a malicious link, open an infected attachment or authorize a transfer of funds.

A phishing kit typically includes Web site development software that has a simple, low-code/no-code graphical user interface (GUI). This type of crimeware kit typically comes complete with email templates, graphics and sample scripts that can be used to create convincing imitations of legitimate correspondence. For an additional price, some kits may also include lists of e-mail addresses, telephone numbers and software for automating the malware distribution process.

Security experts recommend that users refrain from clicking on links in unexpected messages purporting to be from a site they have financial dealings with. If unsure whether a message is valid, users should go directly to the official site and seek information there, or contact the site's customer service department.

Phishing as a Service kits (PaaS kits)

According to Cyren, a SaaS security provider, cloud-based phishing-as-a-service kits are available on the dark web for as little as $50 a month. When phishing websites are hosted on legitimate public cloud services, criminals are able to present legitimate domains and SSL certificates, which can trick even the most experienced end user into thinking a given phishing web page or email is trustworthy.

Popular security exploits

Phishing kits are often used to carry out the following cybersecurity exploits:

Spear phishing - an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.

Whaling - a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO.

SMiShing - a security attack in which the user is sent a text message designed to tricks them into downloading a Trojan horse, virus or other malware.

Vishing - an electronic fraud tactic conducted by voice email, VoIP (voice over IP), landline telephone or cellular telephone.

This was last updated in March 2020

Continue Reading About phishing kit

SearchNetworking
  • network packet

    A network packet is a basic unit of data that's grouped together and transferred over a computer network, typically a ...

  • virtual network functions (VNFs)

    Virtual network functions (VNFs) are virtualized tasks formerly carried out by proprietary, dedicated hardware.

  • network functions virtualization (NFV)

    Network functions virtualization (NFV) is a network architecture model designed to virtualize network services that have ...

SearchSecurity
  • What is cybersecurity?

    Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats.

  • Android System WebView

    Android System WebView is a system component for the Android operating system (OS) that allows Android apps to display web ...

  • data masking

    Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used ...

SearchCIO
  • privacy compliance

    Privacy compliance is a company's accordance with established personal information protection guidelines, specifications or ...

  • contingent workforce

    A contingent workforce is a labor pool whose members are hired by an organization on an on-demand basis.

  • product development (new product development -- NPD)

    Product development, also called new product management, is a series of steps that includes the conceptualization, design, ...

SearchHRSoftware
  • talent acquisition

    Talent acquisition is the strategic process employers use to analyze their long-term talent needs in the context of business ...

  • employee retention

    Employee retention is the organizational goal of keeping productive and talented workers and reducing turnover by fostering a ...

  • hybrid work model

    A hybrid work model is a workforce structure that includes employees who work remotely and those who work on site, in a company's...

SearchCustomerExperience
  • Salesforce Trailhead

    Salesforce Trailhead is a series of online tutorials that coach beginner and intermediate developers who need to learn how to ...

  • Salesforce

    Salesforce, Inc. is a cloud computing and social enterprise software-as-a-service (SaaS) provider based in San Francisco.

  • data clean room

    A data clean room is a technology service that helps content platforms keep first person user data private when interacting with ...

Close