Just what we didn't need to learn: "do it yourself phishing kits" are available only too freely around cyberspace, according to anti-virus/anti-spam product maker Sophos. In other words, anybody can do it, not just high-tech criminals, meaning the phish are liable to spawn even more heavily than they already are.
"Until now, phishing attacks have been largely the work of organized criminal gangs, however, the emergence of these 'build your own phish' kits mean that any old Tom, Dick or Harry can now mimic bona fide banking Websites and convince customers to disclose sensitive information such as passwords, PIN numbers and account details," Sophos senior tech consultant Graham Cluley said. "There is plenty of profit to be made from phishing. By putting the necessary tools in the hands of amateurs, it's likely that the number of attacks will continue to rise."
These kits, Sophos said, include all the graphics, code, and text needed to make bogus sites with the same look and feel as legitimate banking sites – and they also include spamming software letting a prospective phisher send out hundreds of thousands of phish, the company added.
Sophos said they believe these kits will only make the phishing problem worse before it gets better, and right now phishing is good for hundreds of thousands of e-mails as it is from the pros.
