Hot topics

Gone in a Flash: Amazon, PayPal, and Small Players Suffer from Phishing

darcula 3 phaas
© Tada Images / shutterstock.com

Read in other languages:

Online payment transactions are not risk-free and can quickly result in high costs if you are not careful. So far, it has primarily been large companies such as Amazon, PayPal, and ING that were affected. However with the presence of new software, this could soon change—worldwide.

Phishing is one of the biggest dangers on the Internet. The process usually follows a similar modus operandi. First, cyber criminals send fraudulent emails by using the name of well-known brands and trick potential victims into visiting fake websites.

From there, they try to steal personal data such as usernames, passwords, and bank information. This information is then used to take over your accounts, empty your bank accounts, and even commit identity theft. Alternatively, they are sold on the Darkweb.

To summarize the situation? If you fall for a phishing scam, you can expect to reap serious consequences. Until now, it was a small consolation that it was primarily big brands that were affected due to their wide reach, but that is because lesser-known methods were rather rare. Things are set to change with the introduction of a new, dangerous software simply known as Darcula 3.0.

Phishing Upgrade—A New Threat Level

Cybercriminals often use the services of external providers to prepare their phishing campaigns. In such cases, this is known as phishing-as-a-service (PhaaS). The “problem”? The number of templates used to be limited. Anyone who wanted to launch a phishing campaign targeting Amazon or the bank savings of customers would, of course, quickly discover what they were looking for.

However, this was not the case with smaller providers. Conversely, this meant customers did not have to pay quite as much attention to such emails, or at least that is the common train of thought until now. The provider behind the Darcula suite has successfully solved this “problem”.

Researchers from the security service provider Netcraft recently examined a beta version of the PhaaS platform Darcula 3.0. The new functions include a DIY phishing kit generator. With this tool, criminals can now easily create customized phishing kits and mimic almost any company on the Internet. For you, this means that you need to be even more vigilant in the future and critically scrutinize suspicious emails. Otherwise, it could quickly become an expensive mistake.

Darcula 3.0 PhaaS phishing platform.
Announcement of the Darcula 3.0 PhaaS platform.  / © Netcraft

The Darcula platform

The new Darcula generator appears to be extremely user-friendly. Criminals only need to enter the URL of a specific provider. The software then automatically creates all the necessary templates for the attack. First, the website is cloned—including HTML, CSS, images, and JavaScript codes.

The original design is largely retained to look familiar. At the same time, individual elements such as login fields, payment forms, or requests for two-factor authentication can be easily manipulated to steal personal data.

The PhaaS platform also offers customizable error messages and ready-made templates. Furthermore, criminals have access to an admin area with a real-time dashboard of phishing activities. As soon as a victim discloses sensitive data, the criminals even receive automatic notifications via Telegram. Functions such as IP filtering and crawler blocking were also designed to help users conceal their illegal activities.

PhaaS has been a problem for many years. For example, the service provider BulletProofLink already offered over 100 phishing templates from various companies in 2021. Darcula even offered more than 200 phishing templates from companies in over 100 countries.

In the old system alone, Netcraft detected more than 90,000 phishing domains since March 2024. With the upgrade to Darcula 3.0 and the expanded range of functions, this number could soon increase significantly. You should therefore be particularly vigilant now and look over your shoulder for signs of phishing emails.

How to Recognize Phishing Emails

If you want to protect yourself against phishing attacks, you should, first of all, always pay attention to the sender of the email—not the display text, but the email address.

Unfortunately, this can be manipulated through email spoofing. It is therefore advisable to also pay attention to spelling and grammar. As the texts are usually translated into the local language by an AI translator, errors would more often than not appear.

If time pressure is also created or the reader is asked to click on a link, there is a high probability that the email reeks of phishing intent. In such cases, we recommend contacting the customer service of the company in question and confirming the authenticity of the email. You can then move the unmasked phishing e-mail to the spam folder.

Best Smart Speaker With Amazon Alexa 

  Editor's choice Best smart home control center Best price-performance ratio Best sound Best sound supplement Best display
Product
Product image Amazon Echo Dot (5. Gen) 2022 Product Image Amazon Echo Hub Product Image Amazon Echo (4.Gen) Product Image Amazon Echo Studio Product Image Amazon Echo Sub Product Image Amazon Echo Show 10 (3rd. Gen) Product Image
Review
Review: Amazon Echo Dot (5. Gen) 2022
Review: Amazon Echo Hub
Not yet tested
Review: Amazon Echo Studio
Not yet tested
Not yet tested
Price Compariosn
Go to comment (0)
Artem Sandler

Artem Sandler
Editor

Artem is interested in all kinds of technological marvels — from electric cars to smartphones and smart rings. That's why he studied technical journalism and innovation communication. He is also interested in niche topics like cybercrime and data security. He was no doubt disturbed at the dystopian future after watching sci-fi films before, but after studying, he realized that truth is stranger than fiction.

To the author profile
Liked this article? Share now!
Recommended articles
Latest articles
Push notification Next article
No comments
Write new comment:
All changes will be saved. No drafts are saved when editing
Write new comment:
All changes will be saved. No drafts are saved when editing