It’s not just mainstream software firms like Adobe and Microsoft that have pivoted to the “as-a-service” model in recent years. We’re now seeing major cybercrime groups charge a monthly subscription for software platforms that can help their users steal money.
Google is suing a major Chinese cybercrime operation, which it said facilitated scams targeting hundreds of thousands of victims, causing losses estimated in the millions.
Roughly 9,000 fake websites and more than 1 million fraudulent URLs are allegedly connected to the group, as well as 55,000 spam texts flagged by Android users in just two weeks in May. The tech giant claims that the group, Outsider Enterprise, distributes phishing kits that enable criminals to run fake text-message campaigns impersonating well-known brands such as Google.
Phishing campaigns created with Outsider’s tools would generally start with an SMS text message directing unsuspecting users to a fake e-commerce website that would harvest their data, including credit card details.
In its court filing, Google said the group’s “phishing-for-dummies” software, named Outsider, made tools that “previously required technical sophistication” readily accessible. Subscriptions started at $88 per week and included almost 300 templates for fake websites designed to deceive customers, a dashboard that allowed criminals to monitor their campaigns, a discussion forum where users could find collaborators and receive support, and keylogging capabilities.
(Credit: Google)
“As a result, a criminal with no programming knowledge can, for example, generate a near-perfect replica of a cellular provider’s website in minutes, coordinate to send ‘bait’ text messages to thousands of targets, and begin harvesting stolen data with little effort,” read the filing.
The group’s pre-made website templates allegedly included replicas of websites belonging to over 100 American organizations, including the New York City government, the District of Columbia Department of Motor Vehicles, the Los Angeles Department of Transportation Parking Violations Bureau, and the United States Postal Service.
Recommended by Our Editors
(Credit: Google)
The enterprise also allegedly encouraged scammers to use AI platforms like Google’s Gemini to write code to create their own custom phishing websites, even providing video tutorials to show users how to do so.
The filing admits Google is not aware of the real identities of members of Outsider, though it claims to have knowledge of other connected groups.
About Our Expert
Experience
I’m a reporter covering weekend news. Before joining PCMag in 2024, I picked up bylines in BBC News, The Guardian, The Times of London, The Daily Beast, Vice, Slate, Fast Company, The Evening Standard, The i, TechRadar, and Decrypt Media.
I’ve been a PC gamer since you had to install games from multiple CD-ROMs by hand. As a reporter, I’m passionate about the intersection of tech and human lives. I’ve covered everything from crypto scandals to the art world, as well as conspiracy theories, UK politics, and Russia and foreign affairs.
Click Here For The Original Source.
