03 Jan 2021

Phishing research project

Filed Under: phishing

I started doing some research during my December vacation, and focused my efforts almost entirely on phishing and phishing kit development. It’s an interesting process, because no two kits are alike, even if the same person developed them. There’s always a slight variation somewhere, and as kits get recycled or copied, they become this hodgepodge of code and variables.

That’s another interesting thing. There is no honor among thieves, so when one phishing kit developer comes up with a new design or process, it’s quickly stolen (ripped) and you’ll see it appear in multiple kits a short while later. There is also a wide variety of brands being targeted with the kits I’ve collected. All the usual brands are there, such as Chase or Wells Fargo, Office365, Netflix, PayPal, etc. However, there are other smaller, more localized brands being targeted, which is interesting to observe.

From November 2020 until December 31st, I collected 810 phishing kits for my research. This is in addition to the hundreds of kits I already had. I’ll start digging into them in more detail in future posts, but the list below is a brief example of the things I’ve extracted from my phishing collection so far. The thing is, my scope and visibility are limited, so I’m only really scratching the surface.

.
├── 1-and-1
├── ABSA
├── Adobe-PDF
├── ADP
├── AirBNB
├── Alibaba
├── Amazon
├── American_Express
├── AOL
├── Apple
├── AT&T
├── Bank_of_America
├── Bank_of_Guam
├── BECU
├── Bell
├── Blockchain
├── BNP Paribas
├── BT
├── Chase
├── Citi
├── Citrix
├── Comcast
├── Co_Operative_Bank
├── Costco
├── COVID-19
├── cPanel
├── Credicard
├── credit-agricole
├── DHL
├── Discover
├── DocuSign
├── Dominos
├── Dropbox
├── eBay
├── eSign
├── Facebook
├── FI-Bank
├── FirstAmerica
├── FirstBank
├── Fontier
├── Foreign_Investment_Review_Board
├── Generic_Email
├── Generic_File_Sharing
├── Generic_Mailer_Scripts
├── Generic_Phishing
├── GlobalSources
├── GoDaddy
├── Google
├── Halifax
├── HMRC
├── HSBC
├── Huntington
├── ING
├── Instagram
├── Interac
├── Komail
├── Liberty_Mutual
├── LinkedIn
├── Lloyds
├── Match
├── Microsoft
├── MWeb
├── namecheap
├── NatWest
├── Navy_Federal
├── NedBank
├── Netflix
├── Norway
├── Optimum
├── Orange
├── OurTime
├── PayPal
├── PNB_Bank
├── PNC
├── Postal_Bank_FR
├── Protonmail
├── PUBG
├── Rabobank
├── Rackspace
├── Rogers
├── Royal_Bank_of_Canada
├── Salesforce
├── Santander
├── SFExpress
├── SFR
├── ShareFile
├── SingNet
├── South_State_Bank
├── Suntrust
├── Swiss_Post
├── Symantec
├── Tax-Fraud
├── TDAmeritrade
├── Telus
├── TurboTax
├── UK_Government
├── Union_Bank
├── University-of-Southern-California
├── UPS
├── USAA
├── US_Department_of_Energy
├── Verizon
├── VMware
├── WellsFargo
├── West_Pac_Country
├── WeTransfer
├── WhatsApp
├── Xerox
├── Yahoo
├── Zimbra
├── Ziraat
├── Zoom
└── Zoosk

113 directories


That's all for now.

-[30]- a.k.a. The End

