All You Need to Know About Tools and Methods of Email Phishing Attacks

The FBI reported phishing attacks to be the top cybercrime threat to organizations in 2020. That makes sense, since it’s one of the most common hacking methods for stealing personal information. In any phishing attack, the hacker’s goal is to trick individuals into providing him their sensitive information. This might include an email, bank account, or social security number, among other details. Hackers often gain such valuable data from these attacks that they decide to carry out larger and more sophisticated hacking attempts in the future. 

The most common type of phishing attack is email phishing. Hackers send an email to a huge number of people at the same time, impersonating a known company. The email contains a link to the phishing page that often looks like the website of the company the hacker is trying to impersonate. After the victim enters the site, he is asked to provide his personal details. 

Email phishing, however, is only one type of phishing attack. Other phishing attacks include SMS (e.g. smishing), voice call (e.g. vishing), or the use of different malware tools. Spear phishing targets a specific individual within an organization. Regardless of the specific type of phishing attack, each one has the potential to cause widespread damage to both an individual and organization.

Phishing Tools and Methods in the Dark Web

Unfortunately, phishing attacks are easy to execute. That’s because the dark web is full of actors who offer both tools and how-to guides that can help almost anyone execute these types of attacks. 

Malicious actors can find phishing pages very easily on dark web marketplaces. These are fake pages that lead a victim to a website of what seems to be a legitimate company. Thinking the site is legitimate, victims provide their personal details. These may even include a password and credit card information.

The sale of a phishing page on a known dark web market

Malicious hackers create these phishing pages very easily. The dark web is full of  hundreds of examples of criminals creating fake pages of well-known sites. The hackers then sell these fake pages for only a few dollars or euros per page.

Spotlight on Dark Web Actor GoldApple

Actor Name: GoldApple 

Main Focus: Phishing pages and other products that can be used for phishing attacks and leaked data

Languages: English 

Time Active on Dark Web: Active since at least mid-2018

Sources of Activity: Major dark web marketplaces, including new ones

One of the best-known actors selling phishing pages on the dark web is GoldApple. Active mainly on dark web marketplaces, he sells products related to phishing and leaked data. The first activity was able to identify from GoldApple was a post of his selling a database with personal identifiable information (PII) of 49 million Turkish people.

GoldApple mostly sells phishing pages, targeting different countries with relevant sites and databases. These different databases are then used to send mass emails to the addresses appearing in it. Although his main focus is on phishing-related items, he sells other products such as fake templates for driver’s licenses. 

Since 2018, GoldApple has been active on dozens of different marketplaces. That includes those that have already shut down like Empire Market. We have identified vendor profiles of his in almost every new marketplace. For example, he recently opened an account on World Market, a new market that opened in the last few months and has quickly gained popularity.

phishing tools and methods
GoldApple’s profile on World Market
phishgin 3
Sale of GoldApple products on Apollon Market

GoldApple continues to be active and share his products in every new and major dark web market. 

Below is a graph showing both the number of posts made by GoldApple and the number of mentions of him in other posts in Webz’s Cyber API.

phishgin 4
Posts made by GoldApple and mentions of him in posts in Webz’s Cyber API continues to detect and monitor GoldApple’s posts in both established and new marketplaces all over the dark web.

Dark Web Data Helps Mitigate Against Phishing Attacks

Fortune 500 brands across industries are highly susceptible to phishing attacks. This includes technology companies like Google, Yahoo, Microsoft, Amazon and others. These organizations communicate with their customers by email and have also built up a strong brand. This combination makes them a valuable target for hackers.  

When these organizations suffer a leak of their digital assets, it can cause customers to start to lose faith in the brand. This loss of trust can financially impact the brand even more than the attack alone. Fortunately, comprehensive access to a wide range of dark web sources allows organizations to mitigate against these types of crimes.   

Want to learn more about how dark monitoring delivers the most comprehensive and continuous crawling of dark web sources? Contact our data experts today!    


Subscribe to our newsletter for more news and updates!

By submitting you agree to's Privacy Policy and further marketing communications.
Subscribe to our newsletter for more news and updates!

Ready to Explore Web Data at Scale?

Speak with a data expert to learn more about’s solutions
Create your API account and get instant access to millions of web sources