It’s not just mainstream software firms like Adobe and Microsoft which have pivoted to the “as-a-service” model in recent years. We’re allegedly now seeing major cybercrime groups charge a monthly subscription for software platforms that can help their users steal money.
Google is suing a major Chinese cybercrime operation, which it said facilitated scams targeting hundreds of thousands of victims, causing losses estimated in the millions.
Roughly 9,000 fake websites and more than 1 million fraudulent URLs were allegedly connected to the group, as well as 55,000 spam texts flagged by Android users in just two weeks in May. The tech giant claims that the group, named Outsider Enterprise, distributes phishing kits that enable criminals to run fake text-message campaigns impersonating well-known brands such as Google.
Phishing campaigns created with Outsider’s tools would generally start with an SMS text message, which would redirect the unsuspecting user to a fake e-commerce website which would harvest their data, including their credit card details.
In the court filing, Google said the group’s “phishing-for-dummies” software, named Outsider, made fraud that “previously required technical sophistication” readily accessible. The group’s tool, which started at $88-per-week for a subscription, included almost 300 templates for fake websites designed to deceive customers, a dashboard allowing criminals to monitor their campaigns, a discussion forum where users could find collaborators and receive support, and keylogging capabilities.
(Credit: Google)
“As a result, a criminal with no programming knowledge can, for example, generate a near-perfect replica of a cellular provider’s website in minutes, coordinate to send ‘bait’ text messages to thousands of targets, and begin harvesting stolen data with little effort,” read the filing.
The group’s pre-made website templates allegedly included replicas of websites belonging to over a hundred American organisations, including the New York City government, the District of Columbia Department of Motor Vehicles, the Los Angeles Department of Transportation Parking Violations Bureau, and the United States Postal Service.
Recommended by Our Editors
(Credit: Google)
The enterprise also allegedly encouraged scammers to use AI platforms, including Google’s Gemini, to write the code needed to create their own custom phishing websites, even providing video tutorials showing users how to do so.
The filing admits Google is not aware of the real identities of members of Outsider, though it claimed to have knowledge of other connected groups.
About Our Expert
Experience
I’m a reporter covering weekend news. Before joining PCMag in 2024, I picked up bylines in BBC News, The Guardian, The Times of London, The Daily Beast, Vice, Slate, Fast Company, The Evening Standard, The i, TechRadar, and Decrypt Media.
I’ve been a PC gamer since you had to install games from multiple CD-ROMs by hand. As a reporter, I’m passionate about the intersection of tech and human lives. I’ve covered everything from crypto scandals to the art world, as well as conspiracy theories, UK politics, and Russia and foreign affairs.
Click Here For The Original Source.
