Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Fake-Game offers a Phishing-as-a-Service platform to wannabe criminals

Experts from Fortinet discovered a Russian website called Fake-Game the offers a Phishing-as-a-Service platform to anyone. The Phishing attacks are still one of the most effective methods to grab users’ credentials on the web. Experts from Fortinet have discovered a Russian-language site called ‘Fake-Game’ that offers Phishing-as-a-Service. “During our monitoring, we discovered that this same business model is […]

Fake-Game offers a Phishing-as-a-Service platform to wannabe criminals

Experts from Fortinet discovered a Russian website called Fake-Game the offers a Phishing-as-a-Service platform to anyone.

The Phishing attacks are still one of the most effective methods to grab users’ credentials on the web.

Experts from Fortinet have discovered a Russian-language site called ‘Fake-Game’ that offers Phishing-as-a-Service.

“During our monitoring, we discovered that this same business model is also being used in phishing schemes in the form of a Russian website called “Fake-Game.” Appearing in (at least) July 2015, Fake-Game offers a Phishing-as-a-Service (PHaaS) platform to anyone who signs up on their website:” reads a blog post published by Fortinet. 

Fake-Game phishing website

“You’ve come to the site to hijack accounts,” reads the translation of the message that the website displays.

The website is free to use, but it also offers a paid version for VIP accounts that includes additional features such as the possibility to browse all other phished accounts.

The Fake-game was used to hack into over 688,610 accounts, this is what the authors claim, it is easy to use and  includes also video tutorials.

Fake-Game phishing VIP account

Users only have to choose which type of credential they wish to grab (i.e. Facebook, Instagram, Google, etc.)

The Fake-Game then generates a URL with a unique ID for each user.

“The link is appended by an affiliate ID which, in this case, is our subscriber’s ID. This allows the website to track which stolen accounts belong to which subscriber.” continues the Fortinet post.

“A subscriber can then spread the phishing site to prospective victims. Once a victim enters a credential into the subscriber’s phishing link, a prompt showing the stolen information appears:”

Fake-Game phishing linkjpeg

The Fake-Game is a classic example of crime-as-a-service, similar services allow wannabe criminals to rent infrastructure and service to easily enter the cyber criminal arena.

Fake-Game users only need to trick victims into clicking on the Phishing URL.

Crime-as-a-service dramatically lowers the barrier for entry in the cyber criminal ecosystem.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Fake-game, phishing)