Recently, a new PhaaS (Phishing as a Service) operation has surfaced that specifically targets major banks. These banks include Bank of America, Wells Fargo, Citibank, Capital One, PNC, US Bank, Lloyds Bank, Santander, and the Commonwealth Bank of Australia.
Snarkily named "Robin Banks," the service also offers templates to steal T-Mobile, Netflix, Google, and Microsoft accounts.
The group was unearthed by analysts from IronNet, whose evidence indicates that the group has been active since at least March of this year (2022).
Even though the group hasn't been active for terribly long, they've already made quite a name for themselves for their high-quality phishing pages that target customers of the organizations mentioned above.
The group has two different pricing tiers to those who wish to engage their services. Their budget option is just fifty dollars a month and offers a single page and 24/7 support. Their deluxe package is available for $200 a month and it gives their customers unlimited access to their templates, along with 24/7 support.
The service even offers a professionally designed dashboard. This allows threat actors who hire them to keep an eye on every aspect of their illicit operation, create and manage the pages they have created using the offered templates, wallet management, and a variety of other advanced tools, including reCAPTCHA services to thwart bots.
If you're in any way associated with information security, the details above should alarm you. Robin Banks has seen their popularity on the Dark Web explode. What's perhaps most disturbing about the service they're offering is that increasingly, hackers don't need a broad or deep skillset to set up an effective phishing campaign. The service does all the hard work for them.
Unfortunately, that means that IT Security just got a whole lot harder. Stay vigilant out there.