Cybercrime as-a-service , Fraud Management & Cybercrime

Law Enforcement Takes Down Phishing-as-a-Service Site

Authorities in Multiple Countries Arrest Operators of 16shop
Law Enforcement Takes Down Phishing-as-a-Service Site
Interpol headquarters in Lyon, France (Image: Shutterstock)

An international law enforcement operation took down a phishing-as-a-service website that security researchers said was responsible for more than 150,000 phishing domains.

See Also: Webinar | Don't Get Hacked in the Cloud: The Essential Guide to CISOcial Distancing

Authorities in Indonesia arrested the site's alleged administrator and another man, while Japanese police arrested an additional suspect, Interpol announced Tuesday.

The site, 16shop, has been in existence since at least 2017. It sold phishing kits that targeted more than 70,000 people across 43 countries, including victims in Germany, Japan, France, the United States, the United Kingdom and Thailand. The kits contained malicious scripts allowing cybercriminals with modest programming skills to quickly deploy large volumes of phishing pages, said cybersecurity firm Group-IB, which supplied technical expertise to the investigation.

Customers could obtain fake webpages mimicking Amazon for $60. A page impersonating American Express sold for $150, Group-IB said.

Phishing, a form of social engineering that seeks to trick victims into supplying credentials to sensitive accounts such as online banks, continues to be one of the most common forms of hacking. The Anti-Phishing Working Group recently called 2022 a record year for phishing, saying its data has recorded the number of phishing attacks growing by more than 150% per year since the start of 2019 (see: New AI Bot Could Take Phishing, Malware to a Whole New Level).

Interpol says it flagged 16shop as a threat during an ongoing project researching cyberthreats in the 10-country Association of Southeast Asian Nations regional bloc. The team determined the platform's servers had been hosted by a company based in the United States and worked to connect Indonesian and U.S. investigators.

The Indonesian National Police's Directorate of Cyber Crimes seized electronic items and several luxury vehicles in the raid conducted to arrest the platform's alleged administrator.

About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.