16Shop Phishing as a Service Platform that Scammed Apple Pay Users Gets Busted

August 11, 2023

Interpol has taken down the 16Shop Phishing-as-a-service platform which sold phishing kits to cybercriminals who then targeted Apple Pay, Cash App, Amazon, American Express, and PayPal customers. The operation that took place in coordination with a Singapore-based Cybercrime agency Group-IB resulted in the arrest of three people from Indonesia and Japan.

Singapore-based Group-IB ‘s cyber investigation team assisted in the identification and tracking down of suspects, including  21-year-old operators and facilitators. According to reports by the investigating organizations, luxury items, and vehicles were also seized while making arrests. The data further showed that users from developed countries like the United States, United Kingdom, Germany, Thailand, and France were targeted in phishing attacks assisted by these platforms. According to Group-IB data more than 150,000 links were created using phishing tool-kits in question.

How Does A Phishing as a Service Platform Work?

A Phishing as a service platform usually has everything needed by entry-level cyber criminals in the form of kits, victim overview dashboards, hosting, phishing links, and other relevant support required to target potential victims with phishing links. Interpol stated on its website that victims would typically receive an email with PDF links redirecting victims to enter personally identifiable information or credit card details.

The hacking tools sold by the PaaS platform compromised more than 70,000 users in 43 countries. 

These service providers increase the risk of attacks because they make it easy for criminals to have all the necessary equipment required to target victims with fraudulent links.

What Are Drawbacks of Such Easy to Available Service?

Preventing crimeware through phishing links is a challenging task because there will always be cybercriminals experts in the art of creating phishing links and luring unsuspecting customers into sharing their personally identifiable information and other valuable data. However, Phishing as service platforms like 16Shop, have a major drawback because they can market their product and even may offer subscriptions, enabling novice cybercriminals with tools, that they can’t access otherwise.

Effectiveness of Interpol in Busting Cybercriminals

It takes an international policing organization like Interpol to take down entities involved in cybercrime as witnessed in the case of  Phishing as a service platform due to the cross-border nature of their operations. However, due diligence on the part of IT companies offering hosting services or other technical support can also play a role in the timely detection and dismantling of their functions, saving thousands of citizens across the globe from losing their hard-earned money.

Also Read: Interpol Blocks Bank Accounts, Seizes Millions As Part of Operation Jackal