A brand-new Phishing-as-a-Service (PhaaS) platform known as “Robin Banks” has been developed, providing ready-made phishing tools intended to trick customers of reputable financial institutions and online services.

Among the targeted organizations are:

  • Citibank
  • Bank of America
  • Capital One
  • Wells Fargo
  • PNC
  • S. Bank
  • Lloyds Bank
  • the Commonwealth Bank in Australia
  • Santander

Moreover, the recently launched Phishing-as-a-Service (PhaaS) platform provides templates for snatching accounts from Microsoft, Google, Netflix, and T-Mobile.

IronNet security researchers were the ones to discover Robin Banks, and according to a report they published, the phishing platform is already in use in extensive campaigns that began in mid-June and target people via text messages and email.

More on the Robin Banks Platform

Robin Banks is a new initiative of a hacking organization that has allegedly been operational since at least March 2022, designed to quickly create high-quality phishing pages to go after clients of important banks.

How Much Does the Platform Cost?

According to BleepingComputer, there are two price tiers available for it: the first one costs $50 per month and includes single pages and 24/7 support, and the second one costs $200 per month and offers unlimited access to all templates and support round-the-clock.

How Does It Work?

Cybercriminals who register are given access to a personal dashboard that includes reports on their activities, tools for creating a page quickly and easily, wallet management, and options for building customized phishing websites.

The Robin Banks dashboard


Additionally, the users have the option to add reCAPTCHA to prevent bots or check user agent strings to exclude certain victims from highly-targeted operations.

The Robin Banks website has a more sophisticated yet user-friendly webGUI than 16Shop and BulletProftLink — two well-known phishing kits that are also notably more expensive than Robin Banks as well.


Furthermore, the new phishing platform is adding new templates all the time and is updating the old ones to reflect modifications in the style and color scheme of the targeted enterprises.

This is the reason why the Robin Banks phishing platform became so popular in the cybercrime space, with numerous malicious actors adopting it in the past couple of months.

The Citibank Incident

In one attack discovered by the security company in June, a Robin Banks operator sent SMS messages to Citibank customers alerting them of “unusual usage” of their debit cards.

Smishing message sent to random targets


The link provided to remove the purported security restrictions directs victims to a phishing page where they are asked for their private information. When the victim visits the phishing website, their browser is fingerprinted to establish whether they are using a desktop or a mobile device, and the appropriate web page version is loaded.

As soon as the user fills out all of the requested information on the phishing page’s form fields, a POST request is transmitted to the Robin Banks API, which contains two unique tokens, one for the attacker and one for the victim.

The platform’s webGUI allows both the operator and platform administrators to see all information sent to the Robin Banks API.

A new advanced PhaaS platform’s launching is unfavorable for internet users because it encourages phishing among less-skilled malicious actors and increases the flow of dangerous messages.

Protection Measures

It is recommended that you avoid clicking on links sent via SMS or email in order to stay safe from these malicious attempts. Also, make sure the website you’ve landed on is legitimate.

Last but not least, enable Two-Factor Authentication (2FA) across all of your accounts and use a personal phone number to get one-time passwords.

How Can Heimdal™ Help?

Phishing is all around nowadays with more and more advanced techniques being adopted. Make sure that you use an efficient Email Security tool paired with a good Email Fraud Prevention product. The first keeps mail-delivered threats away, while the latter protects against Business Email Compromise and fraud attempts through a combination of threat intelligence and a number of 125 analysis vectors.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Why You Should Start Using Two-Factor Authentication Now

What Is Email Security?

Phishing attacks explained: How it works, Types, Prevention and Statistics

Leave a Reply

Your email address will not be published. Required fields are marked *