Gone in a Flash: Amazon, PayPal, and Small Players Suffer from Phishing


Online payment transactions are not risk-free and can quickly result in high costs if you are not careful. So far, it has primarily been large companies such as Amazon, PayPal, and ING that were affected. However with the presence of new software, this could soon change—worldwide.
Phishing is one of the biggest dangers on the Internet. The process usually follows a similar modus operandi. First, cyber criminals send fraudulent emails by using the name of well-known brands and trick potential victims into visiting fake websites.
From there, they try to steal personal data such as usernames, passwords, and bank information. This information is then used to take over your accounts, empty your bank accounts, and even commit identity theft. Alternatively, they are sold on the Darkweb.
To summarize the situation? If you fall for a phishing scam, you can expect to reap serious consequences. Until now, it was a small consolation that it was primarily big brands that were affected due to their wide reach, but that is because lesser-known methods were rather rare. Things are set to change with the introduction of a new, dangerous software simply known as Darcula 3.0.
Phishing Upgrade—A New Threat Level
Cybercriminals often use the services of external providers to prepare their phishing campaigns. In such cases, this is known as phishing-as-a-service (PhaaS). The “problem”? The number of templates used to be limited. Anyone who wanted to launch a phishing campaign targeting Amazon or the bank savings of customers would, of course, quickly discover what they were looking for.
However, this was not the case with smaller providers. Conversely, this meant customers did not have to pay quite as much attention to such emails, or at least that is the common train of thought until now. The provider behind the Darcula suite has successfully solved this “problem”.
Researchers from the security service provider Netcraft recently examined a beta version of the PhaaS platform Darcula 3.0. The new functions include a DIY phishing kit generator. With this tool, criminals can now easily create customized phishing kits and mimic almost any company on the Internet. For you, this means that you need to be even more vigilant in the future and critically scrutinize suspicious emails. Otherwise, it could quickly become an expensive mistake.

The Darcula platform
The new Darcula generator appears to be extremely user-friendly. Criminals only need to enter the URL of a specific provider. The software then automatically creates all the necessary templates for the attack. First, the website is cloned—including HTML, CSS, images, and JavaScript codes.
The original design is largely retained to look familiar. At the same time, individual elements such as login fields, payment forms, or requests for two-factor authentication can be easily manipulated to steal personal data.
The PhaaS platform also offers customizable error messages and ready-made templates. Furthermore, criminals have access to an admin area with a real-time dashboard of phishing activities. As soon as a victim discloses sensitive data, the criminals even receive automatic notifications via Telegram. Functions such as IP filtering and crawler blocking were also designed to help users conceal their illegal activities.
PhaaS has been a problem for many years. For example, the service provider BulletProofLink already offered over 100 phishing templates from various companies in 2021. Darcula even offered more than 200 phishing templates from companies in over 100 countries.
In the old system alone, Netcraft detected more than 90,000 phishing domains since March 2024. With the upgrade to Darcula 3.0 and the expanded range of functions, this number could soon increase significantly. You should therefore be particularly vigilant now and look over your shoulder for signs of phishing emails.
How to Recognize Phishing Emails
If you want to protect yourself against phishing attacks, you should, first of all, always pay attention to the sender of the email—not the display text, but the email address.
Unfortunately, this can be manipulated through email spoofing. It is therefore advisable to also pay attention to spelling and grammar. As the texts are usually translated into the local language by an AI translator, errors would more often than not appear.
If time pressure is also created or the reader is asked to click on a link, there is a high probability that the email reeks of phishing intent. In such cases, we recommend contacting the customer service of the company in question and confirming the authenticity of the email. You can then move the unmasked phishing e-mail to the spam folder.
Source: Bleeping Computer