June 8, 2022

Researchers from vpnMentor have discovered two slightly modified versions of the same phishing kits that attackers use to defraud thousands of people worldwide.

The first scam involves a criminal outfit that uses the phishing kit to send text messages that appear to be from well-known global courier service UPS.

The second scam targets customers of Crédit Agricole, a French bank that is the world’s largest co-operative financial institute. Those behind the scam hacked a website unrelated to Crédit Agricole, modified it to mirror the company’s website and inserted code for the phishing kit.

The victims of the UPS scam were Israeli residents who were sent a text message claiming they had a package ready to be picked up.

Their activities were exposed after they failed to secure their server and forgot to disable a ‘directory listing’ running the phishing kit. Most of the 4,400 people whose records were stored in the directory listing were Israeli citizens. Other target countries are the U.S., Brazil, Saudi Arabia and countries in Europe.

Researchers believe the attacker is an Israeli criminal gang, as the scripts for the text sent to Israeli targets were written in broken Hebrew.

The sources for this piece include an article in VPNMENTOR.