John Hammond Explores the World of Phishing Kits

In this video, John Hammond delves into the realm of phishing kits, which are web pages designed to steal sensitive information such as usernames, passwords, two-factor authentication codes, banking information, credit card numbers, phone numbers, and physical addresses. These phishing kits are often disguised as legitimate login pages for popular applications like Microsoft Office 365, WhatsApp, or even gaming platforms like Counter-Strike. Hammond begins by explaining how these phishing kits work. They are often hosted on services like GitHub Pages, Vercel, or even Amazon S3 buckets. Once the user enters their information, it is sent to a server controlled by the attacker. In some cases, the stolen information can be directly sent to messaging platforms like Discord or Telegram via bots and APIs. To demonstrate this, Hammond uses URLScan Pro to search for recent phishing kits. He focuses on those that use the Telegram API to send the stolen information. By examining the source code of these pages, he shows how the information is sent to a Telegram bot via a simple web request. The API tokens and chat IDs are often hardcoded into the client-side JavaScript code, making the task easy for attackers but also for security researchers who want to understand how these attacks work. Hammond finds several examples of phishing kits, including a fake Microsoft login page, a French WeTransfer file transfer page, and even a fake Instagram login page. He shows how these pages can be obfuscated to make detection more difficult, but ultimately, the crucial information like API tokens and chat IDs are still visible in the source code. To illustrate how easy it is to create a phishing kit, Hammond creates his own using a Telegram bot. He uses a fake Zoom meeting form hosted on an Amazon S3 bucket. By entering fictitious information, he shows how this data is immediately sent to his Telegram bot. He also explains how some phishing kits can include downloads of malicious software, such as RATs (Remote Access Trojans), to maintain access to the victim's machine. The video highlights the importance of online vigilance. Users must be attentive to suspicious URLs, strange certificates, and links that do not work properly. Phishing kits are ubiquitous and can appear at any time, often masquerading as legitimate sites. It is crucial to know the indicators of phishing and to maintain a proactive security posture. In conclusion, John Hammond's video offers a fascinating and educational glimpse into the world of phishing kits. It shows how easy it is for attackers to create these pages and steal sensitive information, while emphasizing the importance of vigilance and online security.