Skip to content

Search the site

Phish fried; Interpol takes down cybercrime outfit 16shop

Interpol, acting with Indonesia police and multiple cybersecurity vendors, arrested three people associate with the 16shop phishing service

Interpol is touting the arrest of three people said to be the facilitators behind a notorious phishing ring.

The international police organization said it had enlisted the aid of a number of cybersecurity vendors in its efforts to dismantle 16shop, a phishing service blamed for tens of thousands of data-harvesting domains.

According to Interpol and its partners, the mastermind of the phishing as-a-service outfit was a 21 year old man from Indonesia who acted with one accomplice domestically and another person based out of Japan.

Interpol said that in addition to the arrest it also seized a number of luxury cars and "electronic items," providing an indication of just how lucrative this operation was for its operators.

In total, it is estimated that the phishing kit was sold to 70,000 customers who operated their own scams across 43 countries.

Group-IB, one of the security firms credited with helping in the takedown, said that the criminal organization at its height contributed to more than 150,000 different phishing sites.

In addition to being able to create sites that looked like popular services such as Amazon, the 16shop service offered localized site creation, coding lookalike sites in any of eight languages to make it even easier for criminals to gather credit card data from unsuspecting users.

"Data collected by Group-IB indicate that more than 150,000 phishing domains were created using the phishing kits in question," Group-IB said.

"The phishing kits sold on 16shop were utilized to target users in Germany, Japan, France, the USA, the UK, Thailand and other countries."

The security vendor noted that the mastermind of the scheme had been in the cybercrime game for quite some time, having started running the phishing service in their teens.

"According to Group-IB, the phishing kits in question had been traded on the cybercriminal underground since at least November 2017," the company notes.

"The phishing kits were being sold at a relatively modest price of US $60-150 depending on the targeted brand."

Police noted that this operation was particularly insideous because it made the fraudulent activity so easy for non-technical users to set up and automate.

"Phishing isn't a new phenomenon," said Indonesian national police cyber crime division director Brigadier General Adi Vivid Agustiadi Bachtiar, "but when the crime-ware is being offer widely on subscription and to automate phishing campaigns, it enables any person to leverage this type of service to launch a phishing attack with a few clicks."