Phishing Email Kit: How to Spot and Avoid Them

How to spot a phishing email kit

Here’s another watchout for your inbox: Scammers using a website to host a “phishing kit.” Through the kit, scammers send phishing emails with links pointing to a webpage created to mimic a real website and asking you to provide your password. This type of phishing email kit usually provides a login page, and when someone puts in their password, it typically either emails the credentials to the scammer or writes it to a log file. Keeping you up to date on the latest scams is part of our cyber security service. So, let’s take a look at this particularly “phishy” ploy. 

The Anatomy of a Phishing Scam

If you know what to watch out for, you can be more successful at avoiding these scams. Looking at the image below to the left, it starts with a phishing email with a link pointing to a fake login page. Taking a look at the link itself (below right), you can see that the last part of the link is an email address encoded (base64). This adds more trickery to the phishing site because when a user who receives it clicks on it, it loads that user’s email address into the login page. 

Because I didn’t want to tell the scammer which email address clicked on the link, I encoded a fake email address, changed the link and opened it in a safe environment. 

Taking a look at the login page (above right), I used software to capture all data that went to the website, and I was able to see what happens when I put a fake password into the site. As with most phishing email kits, I can see that it uses another script on the site to either log or email the credentials to the scammer (below).

By taking a closer look at the website used to host this phishing kit, I was able to find the actual phishing kit with the raw code (below left). You can see in the image below to the right, the referenced email address used in the phishing kit to send the harvested credentials to the scammer.

Email Phishing Kit: Protect Yourself

You don’t have to understand all the behind-the-scenes tech to know this scam is something you want to avoid. Things you can do to protect yourself: 

  • Always be cautious about what links you click on: If you are not expecting to receive this type of email or it seems “unusual,” err on the side of caution and reach out to the sender on another known contact method.
  • Whenever logging into a website, double check the address bar and verify it is the correct site you are expecting. 

Spot phishing attempts before you bite. Download Intrust’s Phishing Cheat Sheet to get all the “do’s,” “don’ts” and “nevers” when receiving emails.

Posted in
Chaim Black - Profile - Intrust IT Support Cincinnati

Chaim Black

Chaim Black is a Cyber Security Analyst, providing a full scope of IT and cybersecurity services to a wide range of businesses, municipalities and manufacturing plants.

Share this Blog

Enterprise Password Management Promo Wide

Is Your Name or Birthday a Part of Your Password?

If so, you’re a part of the 59 percent of people who don’t follow proper password hygiene. More than 70 percent of passwords are used for more than one system, meaning if cybercriminals crack one, they can access a lot more accounts.

Our free Enterprise Password Management Guide will give you the best password hygiene practices to help you secure your computer and your business.

Download the Guide

Explore the Latest Trends in IT

Securing Our Cities Cybersecurity Protection for Local Governments - Intrust IT

Securing Our Cities: Cybersecurity Protection for Local Governments

As a city or municipality manager, you understand that the security of your community extends far beyond physical borders. With...
Manufacturing and IoT Securing Connected Devices

Manufacturing and IoT: Securing Connected Devices

You're the operations manager of a cutting-edge manufacturing facility, overseeing a production floor buzzing with activity. Your team relies on...
Small Business Cyber Security Toolkit

Small Business Cyber Security Toolkit: The Tools You Need to Stay Protected

With great power comes great responsibility, especially when it comes to running a business and protecting your digital assets. As...

Business Continuity Plan Template for Municipalities

Municipalities are facing increasing cyber attacks.  With cybercrime rates soaring and municipalities ranking as prime targets, the need for robust...
Cybersecurity Strategies for Municipalities 8 Expert Tips - Intrust IT

Cybersecurity Strategies for Municipalities: 8 Expert Tips

Municipalities tasked with safeguarding sensitive data and critical infrastructure are increasingly the targets of cyberattacks. Municipalities often handle a vast...
Business Continuity Guide for City Managers - Intrust IT

Business Continuity Guide for City Officials

The resilience of a city's operations hinges on its ability to effectively weather unforeseen challenges. From natural disasters to cyber...