Security News > 2022 > October > Cybercriminals are having it easy with phishing-as-a-service
Phishing attacks have only grown with the rise of SaaS in the workplace, and even the most security-savvy worker can be duped into a phishing attack.
The turnkey platform allowed users to customise campaigns and create their own phishing tactics, providing them with over 100 phishing templates that copied known brand and services guidelines, kits, hosting and other tools.
Back then a threat actor would have to carry out numerous steps such as purchasing the phishing kit, setting up the infrastructure, obtaining the email list, spamming the email list with a link to their credential harvester, and collecting credentials.
A recent survey looking at businesses' biggest cyber concerns ranked phishing attacks at the top, with several phishing campaigns identified, designed to trick busy or distracted employees.
A lower-skilled actor can purchase a phishing service such as EvilProxy and bypass MFA controls in place using a reverse proxy to harvest valid cookies from the user connecting through an evil proxy phishing site.
Alongside specific detection methods, employees and businesses need greater education on how these phishing threats work and what habits or weaknesses they rely on, both across the business and at the individual level.