The Indonesian cybercrime gang Cyber Army has expanded its phishing-as-a-service offering, dubbed 16Shop, enabling users to target PayPal and American Express customers.

This criminal
operation was first picked up by McAfee in November 2018 and has primarily
targeted Apple owners and Amazon customers for its phishing attacks, but now
ZeroFOS’s Alpha Team has proof 16hop has added PayPal and American Express. This
information was obtained from phishing kit from the gang picked up by Alpha
Team researchers, the
company said.

The phishing
emails are designed to obtain as much PII as possible. The email note itself
generally informs the target their account has been breached or compromised in
some manner and the alleged company needs to confirm their account details,
including login credentials and payment card data.

The kits
themselves are designed for non-technical users.

“The goal of
phishing kits is to make this experience seamless, so not-so-technical kit
operators can deploy phishing pages without needing to understand the
underlying protocols behind managing this infrastructure. This kit also merges
dashboard functionality regardless of the scam page an operator buys, so the
operator gets an integrated experience whether they purchase one or multiple
kits,” the company said.