Phishing Email Kit: How to Spot and Avoid Them

Here’s another watchout for your inbox: Scammers using a website to host a “phishing kit.” Through the kit, scammers send phishing emails with links pointing to a webpage created to mimic a real website and asking you to provide your password. This type of phishing email kit usually provides a login page, and when someone puts in their password, it typically either emails the credentials to the scammer or writes it to a log file. Keeping you up to date on the latest scams is part of our cyber security service. So, let’s take a look at this particularly “phishy” ploy. 

The Anatomy of a Phishing Scam

If you know what to watch out for, you can be more successful at avoiding these scams. Looking at the image below to the left, it starts with a phishing email with a link pointing to a fake login page. Taking a look at the link itself (below right), you can see that the last part of the link is an email address encoded (base64). This adds more trickery to the phishing site because when a user who receives it clicks on it, it loads that user’s email address into the login page. 

Because I didn’t want to tell the scammer which email address clicked on the link, I encoded a fake email address, changed the link and opened it in a safe environment. 

Taking a look at the login page (above right), I used software to capture all data that went to the website, and I was able to see what happens when I put a fake password into the site. As with most phishing email kits, I can see that it uses another script on the site to either log or email the credentials to the scammer (below).

By taking a closer look at the website used to host this phishing kit, I was able to find the actual phishing kit with the raw code (below left). You can see in the image below to the right, the referenced email address used in the phishing kit to send the harvested credentials to the scammer.

Email Phishing Kit: Protect Yourself

You don’t have to understand all the behind-the-scenes tech to know this scam is something you want to avoid. Things you can do to protect yourself: 

• Always be cautious about what links you click on: If you are not expecting to receive this type of email or it seems “unusual,” err on the side of caution and reach out to the sender on another known contact method.
• Whenever logging into a website, double check the address bar and verify it is the correct site you are expecting. 

Spot phishing attempts before you bite. Download Intrust’s Phishing Cheat Sheet to get all the “do’s,” “don’ts” and “nevers” when receiving emails.