Hello, welcome to the Monday, October 12, 2020 edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

If you ever wondered how much work someone has to do to fish a particular website, well, it's actually not that difficult. Jan had a great diary on

Friday summarizing his search for fishing kits, which typically includes a website that

emulates a particular brand and then collects the credentials, and in some cases includes

email templates that can be used

then to direct victims to a particular fishing site.

Now, of course, you can Google for these fishing kits, but one kind of surprising place

where Jan found a lot of these fishing kits was on YouTube because well these fishing kits often

come with a little tutorial or advertisement video that will explain to a buyer how to use

the particular fishing kit and how to actually send the fishing emails.

All in all, Jan found about a hundred different fishing kits.

Now, the top ones are very familiar brands like PayPal, Outlook 365, Amazon, and Netflix.

The diary also includes a screenshot from essentially an online store where you can purchase

these fishing kits.

Some of the cheaper ones, an Apple letter inbox, as they call it, for $5 and an Amazon one

for $3.

More expensive one, well, a Chase bank one for $400. It also depends on

what exactly is included, whether it's just the web pages, whether the email template is included,

or whether even some email addresses of potential victims are included.

Jan also saw a little spike in new fishing kits being posted to YouTube around April, May,

sort of June of this year. Not really clear if there's anything like COVID related or so if that's just a matter

...