Security News > 2023 > March > Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily

An open source adversary-in-the-middle phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale.
DEV-1101, per the tech giant, is said to be the party behind several phishing kits that can be purchased or rented by other criminal actors, thereby reducing the effort and resources required to launch a phishing campaign.
"The availability of such phishing kits for purchase by attackers is part of the industrialization of the cybercriminal economy and lowers the barrier of entry for cybercrime," Microsoft said in a technical report.
The open source kit from DEV-1101 comes with features that make it possible to set up phishing landing pages mimicking Microsoft Office and Outlook, not to mention manage campaigns from mobile devices and even use CAPTCHA checks to evade detection.
Microsoft said it has detected numerous high-volume phishing campaigns spanning millions of phishing emails per day from various actors that leverage the tool.
"Inserting a CAPTCHA page into the phishing sequence could make it more difficult for automated systems to reach the final phishing page, while a human could easily click through to the next page," Microsoft said.
News URL
https://thehackernews.com/2023/03/microsoft-warns-of-large-scale-use-of.html
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Beware: PayPal "New Address" feature abused to send phishing emails (source)
- Coinbase phishing email tricks users with fake wallet migration (source)
- Why it's time for phishing prevention to move beyond email (source)
- Microsoft: Exchange Online bug mistakenly quarantines user emails (source)
- Microsoft’s new AI agents take on phishing, patching, alert fatigue (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records (source)