Trend Micro Incorporated announced that its close cooperation with law enforcement has led to another major win after the dismantling of a prolific phishing-as-a-service (PaaS) operation. Trend Micro was first approached by INTERPOL in 2020 when the policing alliance requested threat intelligence regarding PaaS site 16shop. The platform sold phishing kits designed to lower the barrier to entry to budding cybercriminals, enabling them to scale scam campaigns with ease.

Through its research, Trend found and reported to INTERPOL that: Attacks supported by 16shop were particularly prevalent in Japan, as well as the U.S. and Germany. Customers of 16shop were able to craft phishing pages to harvest Amazon, American Express, PayPal, Apple, and CashApp credentials as well as U.S. banking logins. The platform's phishing kits automatically localized the language of phishing sites depending on the victims' location.

It featured capabilities designed to thwart analysis, such as anti-sandboxing and geolocated access restrictions. 16shop's web infrastructure was hosted across numerous legitimate cloud providers to further avoid detection. The site was active from 2018 until at least 2021, with copycat sites most likely springing up after this date.

Trend's close support of INTERPOL in this operation follows numerous previous engagements, including 2022's Operation African Surge, and the dozens of training sessions the cybersecurity provider has delivered to law enforcement agencies since 2014, including a five-day course recently held in Manila.