DIY phishing kit found online

IT IS GETTING so expensive to Phish websites these days that some bright spark has invented a DIY kit so frausters don't have to call in developers who take a big intake of breath and say, "It will cost you."

Yep, the adult theme parks for the 21st Century have extended their influence to the IT scam.

According to security boffins at RSA, the DIY phishing kit means that even complete novices can take down a bank or an ecommerce site, provided they do not lose the ever-important instructions.

The kit has a user-friendly interface designed to help the nontechnical criminal and automates all the tricky man-in the middle attacks. Most of the attacks involve duping users into clicking on a link embedded within a phishing email.

According to RSA, the kit qualifies as 'universal' because it can be used on any website, and thus attacks don't need to be tailored for each site. It is easy even for those who refer to screws as curly nails and insist on hitting them with hammers.

A spokesRSA said that these types of attack are 'next generation' and none of your old tat. It would take an expert to be able to spot the difference between a DIY phishing attack and one built by a professional. And then there is always that sense of satisfaction you get when you stand back and say "I did that, doesn't it look great."

More DIY at PC World. µ