The Indonesian cybercrime gang Cyber Army has expanded its phishing-as-a-service offering, dubbed 16Shop, enabling users to target PayPal and American Express customers.

This criminal operation was first picked up by McAfee in November 2018 and has primarily targeted Apple owners and Amazon customers for its phishing attacks, but now ZeroFOS’s Alpha Team has proof 16hop has added PayPal and American Express. This information was obtained from phishing kit from the gang picked up by Alpha Team researchers, the company said.

The phishing emails are designed to obtain as much PII as possible. The email note itself generally informs the target their account has been breached or compromised in some manner and the alleged company needs to confirm their account details, including login credentials and payment card data.

The kits themselves are designed for non-technical users.

“The goal of phishing kits is to make this experience seamless, so not-so-technical kit operators can deploy phishing pages without needing to understand the underlying protocols behind managing this infrastructure. This kit also merges dashboard functionality regardless of the scam page an operator buys, so the operator gets an integrated experience whether they purchase one or multiple kits,” the company said.