Security News > 2022 > July > New ‘Robin Banks’ phishing service targets BofA, Citi, and Wells Fargo
A new phishing as a service platform named 'Robin Banks' has been launched, offering ready-made phishing kits targeting the customers of well-known banks and online services.
According to a report by IronNet, whose analysts discovered the new phishing platform, Robin Banks is already being deployed in large-scale campaigns that started in mid-June, targeting victims via SMS and email.
Robin Banks is the new project of a cybercrime group believed to be active since at least March 2022, created for quickly crafting high-quality phishing pages to target customers of large financial organizations.
"The Robin Banks website has a more sophisticated yet user-friendly webGUI than 16Shop and BulletProftLink - two well-known phishing kits that are also notably more expensive than Robin Banks as well," comments IronNet in the report.
Once the victim enters all the required details on the form fields of the phishing site, a POST request is sent to the Robin Banks API, containing two unique tokens, one for the campaign operator and one for the victim.
The phishing site sends one POST request for each web page the victim fills out, which works as a fail-safe to steal as many details as possible since the phishing process may stop at any time due to suspicion or other reasons.