A joint operation between Interpol and cybersecurity firms has led to an arrest and shutdown of the notorious 16shop phishing-as-a-service (PhaaS) platform.
Phishing-as-a-service platforms offer cybercriminals a one-stop shop for conducting phishing attacks. These platforms typically include everything an attacker needs: email distribution, ready-made phishing kits for well-known brands, hosting, data proxying, victim overview dashboards, and other tools that help increase the success of their operations.
These platforms are a significant risk as they lower the bar of entry for inexperienced cybercriminals, offering them a simple and cost-effective way to launch phishing attacks with only a few clicks.
Group-IB, which aided Interpol in the takedown operation, reports that the 16shop platform offered phishing kits that targeted Apple, PayPal, American Express, Amazon, and Cash App accounts, among others.
Group-IB’s telemetry data shows that 16shop is responsible for creating 150,000 phishing pages, which targeted people mainly from Germany, Japan, France, the USA, and the UK.
Interpol’s announcement mentions that at least 70,000 users from 43 countries were compromised by phishing pages created through 16shop.
The data stolen in these attacks include personal details, account emails and passwords, ID cards, credit card numbers, and telephone numbers.
Arrest of operator
Interpol’s operation resulted in the arrest of the 21-year-old platform operator in February 2022 in Indonesia and later led to the apprehension of two facilitators, one in Japan and one in Indonesia.
“A notorious ‘phishing-as-a-service’ (PaaS) platform known as ‘16shop’ has been shut down in a global investigation coordinated by INTERPOL, with Indonesian authorities arresting its operator and one of its facilitators, with another arrested in Japan,” reads Interpol’s press release.
“Assisted with information from an array of private sector partners, the INTERPOL team was soon able to determine the identity and probable location of the platform’s administrator,” Interpol further added.
A US-based company hosted 16shop’s servers, but its registration information showed that it was based in Indonesia.
The police in Indonesia arrested the young man and seized electronic items and several luxury vehicles that were in the operator’s possession.
The two facilitators were identified and subsequently arrested following the apprehension of the admin, suggesting he may have divulged information about his accomplices.