A new phishing tool has hit the web, and will make it easier for scammers to fool users into giving up their details.

The Universal Man-in-the-Middle Phishing Kit allows hackers to set up a fraudulent website as they would in a normal phishing scam, but with a major difference: the fake site will connect to the legitimate target in real time. This means that users can sign in and check their balance, etc, without realising the 'man-in-the-middle' is logging all the data.

Although this is not a new exploit, the kit allows non-expert hackers to perform it, and can easily be configured for different targets. It is also unusually competent at logging confidential data - apparently it will record any type of credentials the user submits, rather than basic login and card-related credentials.