Bank of America, Wells Fargo, Capitol One, Citibank, and other well-established financial institutions and online services have been targeted by the novel Robin Banks phishing-as-a-service platform, which has been launched in widespread SMS and email phishing campaigns since the middle of last month, according to BleepingComputer.
Robin Banks, which was developed by threat actors thought to be active since March, enables users to access a personal dashboard that not only allows wallet management and page creation but also permits the inclusion of reCAPTCHA and user agent string checking mechanisms, resulting in an interface that is more sophisticated but easier to use than the BulletProftLink and 16Shop phishing kits, an IronNet report showed.
Researchers discovered last month that Citibank customers have been sent phishing messages by Robin Banks pertaining to "unusual" debit card usage, with the embedded link redirecting to a phishing page that requests inputting of personal information, which are then sent to the API of the phishing platform and could be viewed by operators and platform administrators.