$25 software kits to steal your personal details are freely on sale on dark web — here's how to remain safe

Phishing kits sold for $25 give low-skilled criminals powerful tools to steal dataDrag-and-drop website builders and fake emails make launching professional scams easyPhishing-as-a-service platforms help criminals run large attack campaigns The world of cybercrime is ever-evolving, and phishing attacks are becoming easier to carry out.New research by NordVPN’s shows that phishing kits - pre-made software bundles - are now widely sold for less than $25, giving even low-skilled criminals the ability to steal sensitive data and launch malware attacks.NordVPN’s research found phishing kits are, like so much criminal gear, often sold on the dark web and apps like Telegram, with the packages typically including everything an attacker needs: ready-to-use fake websites, pre-written emails, and stolen contact lists. Targeting Google, Meta and Microsoft Brands such as Google, Meta/Facebook, and Microsoft are some of the most commonly impersonated, with nearly 85,000 fake Google URLs discovered in 2024 alone.Adrianus Warmenhoven, cybersecurity expert at NordVPN, explained these kits are making cybercrime more accessible.“Phishing kits are a force multiplier for cybercrime. They put powerful attack tools into the hands of people who may not have the skills to build them on their own,” he says.“With features like drag-and-drop website builders, email templates, and even contact lists, these kits enable even the least technical attackers to carry out professional-looking scams.”At the same time, phishing-as-a-service (PhaaS) platforms are rising. These subscription-based services allow criminals to launch campaigns without having to manage any of the technical work themselves.“Phishing kits and PhaaS platforms lower the barrier to entry, so we’re seeing a surge in the number and variety of attacks,” Warmenhoven adds. “That means consumers need to be more alert than ever.” How to stay safe (Image credit: Amazon India) Protecting yourself starts, as always, with being skeptical about unexpected emails, especially ones that try to create a sense of urgency or promise big rewards.Always hover over links to check for small spelling errors or unusual domains before clicking.Enable multi-factor authentication wherever possible to add a second layer of protection to your accounts. This can stop attackers even if your password gets compromised.Avoid using free file sharing or video hosting sites you do not trust. These often hide malware or invasive trackers.Keep all your software and devices updated to patch known security flaws. Use anti-malware tools to scan downloads, and consider installing browser tracker blockers to protect your privacy.If you accidentally click on a suspicious link or download something you are unsure about, run a full malware scan immediately. If you think your information may have been exposed, change your passwords right away from a safe device.Staying careful with where you browse, what you download, and who you communicate with online can reduce the risks from phishing attacks and help keep your information secure. You might also like This is everything you need to know about phishing attacksEuropean diplomats targeted by Russian wine tasting phishing campaignAI program spoofed in phishing campaign spawning fake Microsoft Sharepoint logins