Law Enforcement Takes Down Phishing-as-a-Service SiteAuthorities in Multiple Countries Arrest Operators of 16shop
An international law enforcement operation took down a phishing-as-a-service website that security researchers said was responsible for more than 150,000 phishing domains.
Authorities in Indonesia arrested the site's alleged administrator and another man, while Japanese police arrested an additional suspect, Interpol announced Tuesday.
The site, 16shop, has been in existence since at least 2017. It sold phishing kits that targeted more than 70,000 people across 43 countries, including victims in Germany, Japan, France, the United States, the United Kingdom and Thailand. The kits contained malicious scripts allowing cybercriminals with modest programming skills to quickly deploy large volumes of phishing pages, said cybersecurity firm Group-IB, which supplied technical expertise to the investigation.
Customers could obtain fake webpages mimicking Amazon for $60. A page impersonating American Express sold for $150, Group-IB said.
Phishing, a form of social engineering that seeks to trick victims into supplying credentials to sensitive accounts such as online banks, continues to be one of the most common forms of hacking. The Anti-Phishing Working Group recently called 2022 a record year for phishing, saying its data has recorded the number of phishing attacks growing by more than 150% per year since the start of 2019 (see: New AI Bot Could Take Phishing, Malware to a Whole New Level).
Interpol says it flagged 16shop as a threat during an ongoing project researching cyberthreats in the 10-country Association of Southeast Asian Nations regional bloc. The team determined the platform's servers had been hosted by a company based in the United States and worked to connect Indonesian and U.S. investigators.
The Indonesian National Police's Directorate of Cyber Crimes seized electronic items and several luxury vehicles in the raid conducted to arrest the platform's alleged administrator.