Indonesian Cyber Army targets PayPal Users

Davey Winder at Forbes analyses the phishing-as-a-service network, with a focus on the 16Shop attack kit. James Houghton, Phishing Tackle CEO, comments.

See the full article here: https://www.forbes.com/sites/daveywinder/2020/01/23/paypal-users-are-being-actively-targeted-by-indonesian-cyber-army-threat/#11f4502321c2

What is the 16Shop attack kit?

The 16Shop attack kit is considered one of the most advanced one-stop phishing kits available on the dark web. It comes complete with instructions for installation and removal and, in some cases, even live customer support.

It provides a live dashboard interface with usage statistics, phishing success rates and a top-down view of active licensed products. For each new phishing target (Apple, AMEX, PayPal, etc.), the user must pay for a new license.

Who are the Indonesian Cyber Army?

The Indonesian Cyber Army are a cyber-criminal group believed to be predominantly behind the 16Shop network and attack kit. According to research by ZeroFOX Alpha Team, one of the group’s authors, “DevilScreaM”, has their name “plastered over the kit code and distribution network”.

What can we do to protect our organisation from threats like the 16Shop attack kits?

“At the end of the day it comes down to the knowledge of the individual that actually clicks a link and subsequently enters details into any associated landing page. The sophistication and frequency of these attacks may have increased but the advice, quite rightly, remains the same:”

James Houghton – CEO, Phishing Tackle
  • Don’t rely on information shown in the From or Reply-to sections of the email.
  • Never click a link or open an attachment you were not expecting, cannot verify, isn’t relevant to you, or is out of context.
  • Always hover over a link to see where it takes you. If you can’t confirm it’s a genuine destination URL, don’t click it.
  • If you do end up at a landing page, never enter any sensitive information unless you are completely satisfied the site is genuine. It’s always best to manually enter the known site address, instead of following a link.
  • Just because the site shows a padlock does not, at all, mean it is necessarily safe and free from malicious actors.

Phishing attacks still get through even the most advanced security hardware. When they do, your organisation’s security and livelihood rest in the knowledge of your users.

If you want to know how many of your users are susceptible to clicking a phishing email, check out our Free Click-Prone® Test.