Law Enforcement Operation Reveals Phishing Services Are Drawing in Young and Inexperienced Clients

by | Apr 25, 2024

A recent law enforcement operation that took down the LabHost phishing service has raised some questions about the “mainstreaming” of cyber crime, as the London police found that young university students with no prior record of hacking or online criminal activity were among the suspects that were rounded up.

Kits and phishing services of this type are a relatively new phenomenon, only beginning to pop up roughly within the last five years. The common model that has emerged is a monthly subscription fee to access all the technical tools and features needed to phish in a simplified format, in this case with video tutorials and online chat assistance to help complete newcomers get started. A demographic that would otherwise not have found itself involved in cyber crime may be seeing this as some sort of “side hustle” or investment opportunity now that technical barriers are removed, without full understanding of how serious the crime is or the criminal ecosystem they are involving themselves with.

International law enforcement operation finds unusual suspects

LabHost appears to have been completely taken down at this point, with the operators of the phishing service posting a “goodbye” message to Telegram advising former clients to wipe their devices and be ready for fallout from the law enforcement operation. The action involved Europol and agencies from 19 countries, and some of the former clients of the phishing service are now receiving messages detailing their specific crimes and urging them to turn themselves in to local police.

London’s Metro police notes that university students were among those arrested in connection with the scheme. The police force cautions that phishing services are broadening their appeal with accessibility, potentially recruiting on Telegram and other services as either some sort of legitimate job or a “soft” form of crime that law enforcement won’t really care about.

This law enforcement operation, along with similar massive international efforts in recent years to disrupt major ransomware gangs, should make clear that is not at all the case. Phishing and online scamming have become major economic drains and most definitely have the attention of federal and national police agencies.

Cyber crime outfits increasingly showing interest in phishing services

The three-day raid in mid-April involved not just European countries, but the US, Australia, New Zealand and Canada (where some of the phishing service infrastructure was being hosted). 37 suspects were arrested in total during the law enforcement operation, with four in the UK being named as “ringleaders” of LabHost. London Metro said that the investigation had been going on since June 2022, but Europol became involved in September 2023.

In total the phishing service had about 40,000 domains used for hosting attack pages, and subscribers (who paid around £200 each per month) could get assistance in targeting or representing themselves as specific global brands. The service also boasted a tool called “LabRat” that was used to capture 2FA authentication codes from victims.

In total, the law enforcement operation found that LabHost had facilitated the theft of nearly half a million credit and debit card numbers during its three-year run, with about 64,000 of these also paired with PIN numbers. While this is just one of the players in an expanding ecosystem, every takedown of a major phishing service does tend to make future operations of this sort easier for police. The consequences will also hopefully send a message to any other young “university students” or teenagers that think phishing kits are a safe way to bring in some extra income.

Recent Posts

How can we help?

10 + 9 =

× How can I help you?