Phishing is a numbers game—and the longer a kit remains hidden and active, the longer the attack can run and net more victims. The developers behind popular phishing kits are adopting best practices from the business world to streamline operations and make money.
Criminals Hosting Phishing Kits on GitHub
A series of targeted phishing campaigns have hit victims in government finance agencies and embassies in several European and African countries.
There's no need to go to underground forums and criminal marketplaces to trade crimeware tools and buy/sell stolen information when it's all on social media, such as Facebook.
New tools such as Modlishka and frameworks such as Gophish enable organizations to test their awareness and resilience to phishing campaigns.