article featured image


Phishing-as-a-service, often known as PhaaS, is a black-market industry in which trained cybercriminals offer access to the tools and information necessary to carry out a phishing assault in a manner similar to that of a software-as-a-service model.

Vendors of phishing kits promote and sell them on dark web forums. Phishing kits are toolkits that comprise everything required to launch an email assault, including curated databases of targets and branded email templates.

What Happened?

The Resecurity Hunter team researchers discovered a new phishing as a Service toolkit, named Frappo, that is being aggressively disseminated on the dark web and via Telegram channels.

“Frappo” acts as a Phishing-as-a-Service – providing anonymous billing, technical support, updates, and the tracking of collected credentials via a dashboard. Initially, the service popped up in the Dark Web around 22ndMarch, 2021, and has been significantly upgraded since then.


Threat actors may use Frappo to undertake a broad spectrum of impersonation assaults, as Frappo enables fraudsters to host and develop high-quality phishing websites that impersonate major online banking, e-commerce, and retail services in order to steal personal information from their target customers.

The PhaaS provides a dashboard that keeps track of the credentials that have been acquired as well as anonymous invoicing, technical support, and software upgrades.

According to the researchers, Amazon, Uber, Netflix, the Bank of Montreal (BMO), the Royal Bank of Canada (RBC), the Canadian Imperial Bank of Commerce (CIBC), Desjardins, Wells Fargo, Citi, and the Bank of America, are just a few of the companies that Frappo impersonated.

The Frappo service is entirely automated from the beginning to the end. It makes use of preconfigured Docker containers in order to gather hacked login credentials. While Frappo is one such phishing toolkit that has just been identified, analysts believe that the total number of phishing attempts has reached a new high as the use of Phishing-as-a-Service approaches continues to rise in popularity year after year.

In one instance, hundreds of MitM phishing toolkits, which were used to intercept 2FA security codes, were found in the field by a security researcher. It was also possible for the attackers to use these toolkits to steal authentication cookie files from computer systems.

How to Stay Safe?

Always check the URL of the landing page when receiving emails that direct you to login forms to ensure it coincides with the organization that supposedly emailed you.

If you’re unsure, delete the email and call the company directly to see whether it’s a scam or not.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Dora Tudor

Cyber Security Enthusiast

linkedin icon

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *