Mandiant has a post about a Phishing-as-a-Service that has recently been investigated by Mandiant. This Phishing as a service is of course trying to make things easier for the criminals to set up phishing campaigns.
Above is the Dashboard for the Service called “Caffeine V2”
As I have mentioned in my book “Too Late you’re Hacked” In 2014 the game changed and the attackers made a lot more money which causes more and more sophistication 8 years later. In fact as you can see they have developed a cloud platform application to make it easy to hack people.
The following image shows the sophistication on what the email phish will look like this
The use of the Caffeine platforma allows the following:
A properly configured and campaign-ready, end-to-end implementation of the Caffeine Phishing Platform has several elements, three of which are:
- Core Caffeine account
- Campaign infrastructure and configuration
(from the Mandiant blog post.
You can see that the criminals are upping their game – is it time to up your game? They are even advertising this service on various criminal darknet places, selling Caffeine phishing licenses.
So if you are still wondering what to do to counter the ever more sophisticated attacks from criminals – Get my book “Too Late you’re Hacked” Or listen to my podcast on spotify to find out what you can do.