Send Us An Email

Give us a call

Headquarters

OnSite I.T. Blog

Yes, There is Phishing-as-a-Service

Yes, There is Phishing-as-a-Service

Hackers and scammers are always trying to turn a profit on businesses just like yours, and you might be surprised by some of their ingenuity. One such way that some hackers choose to make a profit is by twisting the “as a service” business model into something that is particularly dangerous. Even Microsoft has gone on record and called out a particular group of Phishing-as-a-Service providers as a problem.

Phishing-as-a-Service is nothing new, and other threats have utilized the “as a service” business model in the past. Ransomware in particular has been known to utilize this type of service from time to time. What makes this particular case special is that it takes something that is already quite accessible to amateur hackers and lowers the bar of entry, creating even more opportunities for people to make a quick buck off of others’ misfortune.

This service includes BulletProofLink and others who sell their clients products such as email and website templates, email delivery, hosting, and credential theft. Of particular note is that they offer these services in the form of what are called fully unidentifiable links. The service provider hosts these things on their servers and works to harvest credentials for the client. The dangerous thing about these services is not necessarily the fact that these credentials are stolen, but more so the fact that these credentials can be sold to other, even more dangerous attackers who can launch ransomware attacks and other infections.

In other words, the buyers of these credentials are not receiving those which are guaranteed to work; they are simply paying for the opportunity to receive credentials that might work.

This particular Phishing-as-a-Service service gives attackers access to links that provide them with several templates of login pages, including those for services like Microsoft OneDrive, Google Docs, Dropbox, LinkedIn, Adobe, and many more. Another way that these services can be used is with “double-theft” in which the provider steals credentials for one customer, then sells them to yet another customer. This also impacts the ransomware workflow, as ransomware attackers can encrypt data after it is compromised and threaten to sell it or release it in exchange for a ransom.

Our goal here is not necessarily to provide you with the nitty-gritty details of how these threats operate--that would take a lot of technical jargon and in-depth explanation--but rather to showcase just how innovative hackers can be under the right circumstances. You absolutely cannot underestimate them; doing so could prove to be a fatal mistake on your part.

In a world where you have to be cautious of every little thing--particularly in regards to the Internet--you shouldn’t have to worry about your business’ network security. Let OnSite I.T. do the heavy lifting for your business so that you can instead focus on staying productive throughout the workday. To learn more about how we can keep your business safe, reach out to us at (403) 210-2927.

Break Your Break/Fix Cycle
Managed IT Services Brings A Lot of Value
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Tuesday, 17 December 2024

Captcha Image

Mobile? Grab this Article

QR Code

Customer Login

Latest Blog

Want to be a business without hearing how artificial intelligence is changing the industry? Good luck; it’s a big deal that this technology has flourished in recent years, and businesses have found all kinds of ways to implement it. While AI has sign...

Contact us

Learn more about what OnSite I.T. can do for your business.

OnSite I.T.
429 14th St. N.W. #104
Calgary, Alberta T2N 2A3, Canada