Stealing passwords are pretty easy; all you have to do is just ask for it. Phishing, a popular way to steal a password, where hackers set up a fake login page and ask people to sign in. Those fake pages look like legitimate websites that make it easy to fool people. And now it has become so huge a business that a Russian language site is offering phishing as a freemium service.
Known as “Fake-Game,” this site lets anyone to create an authentic looking phishing page, send it to anyone, and eventually steal the victim’s login details. Surprisingly, none of these requires any training or technical knowledge.
Researchers from cyber security company Fortinet provided details on “Fake-Game” in a blog post. They point out that this site has been online for over a year, allowing over 60,000 active users to steal nearly 700,000 passwords using its service.
“Fake-Game” makes stealing passwords as simple as sharing a website. You don’t even have to create or host a website by yourself. Just select a website or page that you’d like to compromise and copy the URL generated by “Fake-Game”. Now, share this URL with someone you want to hack. Your victims will never be able to know that it’s a fake site and you’ll be notified after they take the bait.
And this is where the money comes. Links inside the service itself lets you pawn your ill-gotten passwords.
“The stolen credentials can be sold from $0.015 USD up to $15.39 USD at current exchange rates,” the Fortinet report says.
Although it’s a free service, you can also try their paid features with $3.50 for a month and $7.12 for three months. Paid service will let you access accounts stolen by free users while preventing other paid users from accessing your stolen accounts.
And its customer service is pretty good. If you’re a potential criminal, you’re most welcome to chat with their customer service agent.
And if you’re not any of those hackers, you’ve already understood that you might be one of those victims. So, instead of getting panicked, you should take precautions. Always verify the websites before you log in. If any site offers two-factor verification, do enable it. And finally, change your passwords regularly. So, if any of your login details has already been stolen, it can’t be used against you.