FRAMINGHAM, Mass. (1/25/08)--A new group of hackers is targeting aspiring scammers by offering them free phishing kits on the Web. A group from Morocco, called “Mr. Brain,” offers the kits from a site hosted in France. The kits show potential scammers how to set up fraudulent websites and how to trick users into giving out personal financial information. Spam e-mail templates are included, with brands such as eBay, PayPal and Bank of America targeted (ComputerWorld Jan. 23). But the information collected with the kits is sent back to e-mail accounts controlled by the group, Paul Mutton, an Internet services developer with Netcraft, told the magazine. Phish toolkits contributed to a larger number of phishing attacks during December 2007, according to RSA, the security division of EMC Corp. U.S.-based financial services institutions accounted for 62% of phishing attacks (InfoWorld Jan. 16). Credit unions continue to be attacked by phishers. Monterey County Employees CU in Salinas, Calif., reported its members received e-mails sent by scammers purporting to be from the credit union regarding tax refunds. When the users respond by clicking on the links in the e-mail, their personal information is collected (The Californian Jan. 8). The credit union’s members also were targeted by a phishing scam in July. Scammers sent e-mails claiming that the recipients would receive a $20 gift card for taking a survey. When the credit union found out about the e-mails, it contacted members and told them not to give out their personal information, the newspaper said. Vishers, who attempt to solicit personal information by phone, also continue to target credit union members. Martinsville (Va.) Dupont CU members were called last week by scammers who claimed that their credit union accounts had been suspended. To lift the suspension, scammers told the members that they needed to give out their account information (Fox 8 Jan. 15). Listerhill CU, Sheffield, Ala., also reported a vishing scam. Dorothy Keeton of Sheffield said she received a phone call from a visher who claimed her Listerhill account was overdue--but she wasn’t a member of the credit union. She called Listerhill to report the scam (WAFF Jan. 15). Listerhill officials called the police, but before they could figure out where the calls were coming from, the number was disconnected. Like many vishing scams, the phone number the vishers used showed up as Listerhill CU on caller identification, according to news reports.