Phishing remains a popular method of stealing credentials, committing fraud, and distributing malware. But what appears on the surface to be a juvenile form of cybercrime can be, in practice, a well-orchestrated, multi-faceted, and sustained attack campaign by organized crime groups.
From finding victims and creating phishing sites, to harvesting and fraudulently using victims’ credentials, it can be difficult to build a complete picture of the end-to-end process. We focus our report on how fraudsters are building and hosting their phishing sites, and the tactics they use to remain hidden. Using insight from Shape Security, we also show how quickly cybercriminals are making use of their stolen goods.