🕸 Fraudsters use phishing kits: tools that automatically generate convincing phishing pages to harvest data. These kits let cybercriminals save time and collect all the information they need about a user in a single attack (OTP bots are just one component of the phishing operation). A multi-step phishing attack might look like this: the victim receives a message purportedly from their bank, a store or some other organization, asking them to update the personal information in their account.
🎣 The message includes a phishing link. The idea is that by clicking on it the victim is taken to a site that closely resembles the legitimate bank's website, where they enter their login and password, which are immediately captured by the fraudster. If the account is protected by two-factor authentication, the fraudster can instruct the phishing kit through its admin panel to display an OTP entry page on the phishing site. When the victim enters the one-time code, the fraudster gains full access to the real account and can, for example, steal money from it.
However, fraudsters don't stop there: they try to extract as much personal information as possible, claiming that the user needs to "confirm their credentials". Through the admin panel, the fraudster can request, in real time, the victim's email address, credit card number and other critical information, which can then be used to attack other accounts belonging to the victim. For instance, they might log into the victim's email account using the already known password; after all, people often reuse the same password across multiple services! With access to the email account they can wreak havoc: for example, they could change its password and, by analyzing its contents, request password reset links for any other accounts linked to that email address.
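From the account provider's side, the flow described above leaves a recognizable trace: a correct password and a correct one-time code accepted within seconds of each other from a device the account has never used, followed minutes later by an email change, password change or transfer. The detector below, an added example rather than code from the original post, runs over a few constructed JSON login events and flags that pattern. The event names, the log format, the list of known devices and the time thresholds are all assumptions chosen for illustration.

```python
"""Flag logins that match a real-time OTP relay: password and one-time code
accepted in quick succession from an unknown device, then a sensitive action.

Added example, not from the original post. The event names, JSON field names,
known-device table and thresholds are assumptions for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import json

# Actions the fraudster typically performs right after taking over the account.
SENSITIVE_ACTIONS = {"change_password", "change_email", "add_payee", "transfer"}
MAX_OTP_DELAY = timedelta(seconds=90)    # password accepted -> OTP accepted
MAX_ACTION_DELAY = timedelta(minutes=5)  # OTP accepted -> sensitive action

# Constructed sample log: one JSON event per line, plus one unparseable line.
SAMPLE_LOG = """\
{"ts": "2024-05-02T09:00:00", "user": "alice", "event": "password_ok", "ip": "203.0.113.7", "ua": "Mozilla/5.0 (X11; Linux)"}
{"ts": "2024-05-02T09:00:25", "user": "alice", "event": "otp_ok", "ip": "203.0.113.7", "ua": "Mozilla/5.0 (X11; Linux)"}
{"ts": "2024-05-02T09:02:10", "user": "alice", "event": "change_email", "ip": "203.0.113.7", "ua": "Mozilla/5.0 (X11; Linux)"}
{"ts": "2024-05-02T09:03:00", "user": "alice", "event": "transfer", "ip": "203.0.113.7", "ua": "Mozilla/5.0 (X11; Linux)"}
{"ts": "2024-05-02T09:10:00", "user": "bob", "event": "password_ok", "ip": "198.51.100.4", "ua": "Mozilla/5.0 (iPhone)"}
{"ts": "2024-05-02T09:10:30", "user": "bob", "event": "otp_ok", "ip": "198.51.100.4", "ua": "Mozilla/5.0 (iPhone)"}
{"ts": "2024-05-02T09:11:00", "user": "bob", "event": "transfer", "ip": "198.51.100.4", "ua": "Mozilla/5.0 (iPhone)"}
{"ts": "2024-05-02T09:20:00", "user": "carol", "event": "password_ok", "ip": "192.0.2.9", "ua": "Mozilla/5.0 (Windows)"}
{"ts": "2024-05-02T09:20:40", "user": "carol", "event": "otp_ok", "ip": "192.0.2.9", "ua": "Mozilla/5.0 (Windows)"}
this line is not JSON and must be skipped
"""

# Constructed history: (ip, user agent) pairs seen on each user's earlier logins.
KNOWN_DEVICES = {
    "alice": {("198.51.100.22", "Mozilla/5.0 (Macintosh)")},
    "bob": {("198.51.100.4", "Mozilla/5.0 (iPhone)")},
    "carol": set(),
}


@dataclass
class Alert:
    user: str
    ip: str
    severity: str            # "medium": unknown device; "high": plus sensitive action
    actions: list = field(default_factory=list)


def parse_events(lines):
    """Parse one JSON event per line, skipping malformed lines; return sorted by time."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
        except (ValueError, KeyError, TypeError):
            continue  # malformed line: not worth crashing the detector
    return sorted(events, key=lambda e: e["ts"])


def detect_otp_relay(lines, known_devices):
    """Return Alerts for users whose login sequence matches an OTP relay."""
    pending = {}   # user -> password_ok event from an unknown device
    verified = {}  # user -> (otp_ok event, sensitive actions seen since)
    for ev in parse_events(lines):
        user, kind = ev["user"], ev["event"]
        device = (ev.get("ip"), ev.get("ua"))
        if kind == "password_ok":
            if device in known_devices.get(user, set()):
                pending.pop(user, None)   # trusted device: nothing to track
            else:
                pending[user] = ev
        elif kind == "otp_ok":
            first = pending.pop(user, None)
            if (first and device == (first["ip"], first["ua"])
                    and ev["ts"] - first["ts"] <= MAX_OTP_DELAY):
                verified[user] = (ev, [])
        elif kind in SENSITIVE_ACTIONS:
            entry = verified.get(user)
            if entry and ev["ts"] - entry[0]["ts"] <= MAX_ACTION_DELAY:
                entry[1].append(kind)
    return [
        Alert(user, otp_ev["ip"], "high" if actions else "medium", actions)
        for user, (otp_ev, actions) in verified.items()
    ]


if __name__ == "__main__":
    for a in detect_otp_relay(SAMPLE_LOG.splitlines(), KNOWN_DEVICES):
        print(f"{a.severity.upper():6} {a.user:6} from {a.ip} actions={a.actions}")
```

On the sample data, `alice` is flagged high (unknown device, OTP 25 seconds after the password, then an email change and a transfer), `carol` medium (unknown device but no sensitive action yet), and `bob` is not flagged because his device is already known. A medium alert is a good point to step up verification before the session is allowed to change contact details or move money.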