It has been reported by PandaLabs, Panda Security’s laboratory for detecting and analyzing malware, that cyber-criminals are now distributing free phishing kits used to commit fraud attacks. Some kits received more than 15,000 hits, which proves those kits to be rather effective and, thus, dangerous.

The kits contain templates that help create Web pages imitating those of banks, online payment companies, and other institutions in order to steal confidential information, like banking details, names, credit card numbers, from users that visit them. To take users to these pages, cyber-criminals also have email templates that simulate those sent from these Web sites.

The fact that these services are free contributes to the increase of online fraud, which caused losses of US$1.2 billion in the USA alone in 2007, as estimated by the Federal Trade Commission.

"Cyber-crooks that create these free services get money later on by selling pay services, more sophisticated and customized to the user's needs", says Luis Corrons, Technical Director of PandaLabs. "Remember that cyber-crooks’ ultimate goal is to get money from the infections they spread."

PandaLabs would like to remind users that no bank or financial institution will contact them to ask them for private information like passwords or bank account numbers by email. It is always advisable to ignore and delete those emails.