Browse Definitions :
Definition

phishing kit

TechTarget Contributor
By

A phishing kit is a collection of software tools that makes it easier for people with little or no technical skills to launch a phishing exploit. Phishing is a type of internet scam in which the perpetrator sends out spoofed e-mails or text messages that appear to come from a legitimate source. The goal is to trick the recipient into performing a specific action that will benefit the attacker -- typically, this involves getting the victim to click on a malicious link, open an infected attachment or authorize a transfer of funds.

A phishing kit typically includes Web site development software that has a simple, low-code/no-code graphical user interface (GUI). This type of crimeware kit typically comes complete with email templates, graphics and sample scripts that can be used to create convincing imitations of legitimate correspondence. For an additional price, some kits may also include lists of e-mail addresses, telephone numbers and software for automating the malware distribution process.

Security experts recommend that users refrain from clicking on links in unexpected messages purporting to be from a site they have financial dealings with. If unsure whether a message is valid, users should go directly to the official site and seek information there, or contact the site's customer service department.

Phishing as a Service kits (PaaS kits)

According to Cyren, a SaaS security provider, cloud-based phishing-as-a-service kits are available on the dark web for as little as $50 a month. When phishing websites are hosted on legitimate public cloud services, criminals are able to present legitimate domains and SSL certificates, which can trick even the most experienced end user into thinking a given phishing web page or email is trustworthy.

Popular security exploits

Phishing kits are often used to carry out the following cybersecurity exploits:

Spear phishing - an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.

Whaling - a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO.

SMiShing - a security attack in which the user is sent a text message designed to tricks them into downloading a Trojan horse, virus or other malware.

Vishing - an electronic fraud tactic conducted by voice email, VoIP (voice over IP), landline telephone or cellular telephone.

This was last updated in March 2020

Continue Reading About phishing kit

Networking
  • subnet (subnetwork)

    A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP ...

  • secure access service edge (SASE)

    Secure access service edge (SASE), pronounced sassy, is a cloud architecture model that bundles together network and cloud-native...

  • Transmission Control Protocol (TCP)

    Transmission Control Protocol (TCP) is a standard protocol on the internet that ensures the reliable transmission of data between...

Security
  • cyber attack

    A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the ...

  • digital signature

    A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document, message or...

  • What is security information and event management (SIEM)?

    Security information and event management (SIEM) is an approach to security management that combines security information ...

CIO
  • product development (new product development)

    Product development -- also called new product management -- is a series of steps that includes the conceptualization, design, ...

  • innovation culture

    Innovation culture is the work environment that leaders cultivate to nurture unorthodox thinking and its application.

  • technology addiction

    Technology addiction is an impulse control disorder that involves the obsessive use of mobile devices, the internet or video ...

HRSoftware
  • organizational network analysis (ONA)

    Organizational network analysis (ONA) is a quantitative method for modeling and analyzing how communications, information, ...

  • HireVue

    HireVue is an enterprise video interviewing technology provider of a platform that lets recruiters and hiring managers screen ...

  • Human Resource Certification Institute (HRCI)

    Human Resource Certification Institute (HRCI) is a U.S.-based credentialing organization offering certifications to HR ...

Customer Experience
  • contact center agent (call center agent)

    A contact center agent is a person who handles incoming or outgoing customer communications for an organization.

  • contact center management

    Contact center management is the process of overseeing contact center operations with the goal of providing an outstanding ...

  • digital marketing

    Digital marketing is the promotion and marketing of goods and services to consumers through digital channels and electronic ...

Close