Financial institutions, ePayment, money transfer services and social networks have been named the top three targets of phishing kits by research organisation PhishLabs. Email services were also found to be a large target.
Throughout June, PhishLabs analysed around 9,000 phishing kits (and their variants) from a number of sources such as file sharing sites and scammer forums.
Don Jackson, the director of threat intelligence at PhishLabs, explained the variety of phishing kits available, including those designed for indiscriminate and targeted distribution.
"Others were […] customised for private use, and some appeared to be hand-crafted for a particular purpose or an exclusive target," he said.
"In addition to showing up high in search results through malicious search engine optimisation tactics, links to phishing websites using these kits are delivered via spam email, SMS test messages, instant messenger services, and posts on social media websites and blogs."
A phishing kit is collection of web pages, images and custom scripts designed to be installed on a server, and then collect sensitive information with little setup. Scammers are known to make these available for free, and then install backdoors to take over themselves.
These attacks are just one type amongst a growing menagerie of deadly methods utilised by cyber attackers. To ensure vulnerability management, businesses will need to put appropriate security systems in place, and educate staff on how to identify fraudulent emails.
PhishLabs noted that distribution of phishing kits was often aimed at online banking and payment services, as well as social networking sites. Phishing attacks are certainly going to continue throughout 2014, and could become a serious issue if not prepared for.