Tag: phishing as a service
14 articles

Forg365 Phishing Service Targets Microsoft 365 with Advanced Device Code Theft
Meet Forg365, a sophisticated phishing service that's targeting Microsoft 365 users with advanced device code theft capabilities, offering a disturbingly user-friendly operator panel and a subscription-based model starting at just $400 a month. This illicit toolkit is being sold on Telegram, putting sensitive data at risk with its legitimate email delivery infrastructure and AI-powered email generation.

Forg365 Phishing Platform Exploits AI to Target Microsoft 365 Accounts
Meet Forg365, a sneaky new phishing platform that uses AI to make it easy for hackers to target Microsoft 365 accounts and steal sensitive info. This phishing-as-a-service operation offers a range of tools, including AI-generated lures, to help cybercriminals launch convincing attacks.

Google Sues Chinese Scammers Over Gemini AI Misuse
Google is taking a stand against scammers, suing a group called Outsider Enterprise that uses its Gemini AI feature to create fake websites and scam people through text messages. The group, which operates on Telegram, offers phishing-as-a-service, making it easy for non-tech-savvy scammers to target victims.

ARToken Phishing Platform Exposes EvilTokens' Microsoft 365 Toolkit
Cisco Talos researchers have uncovered a sophisticated phishing platform, ARToken, that offers a Microsoft 365 toolkit and goes far beyond traditional credential-harvesting pages, exposing over 80 API endpoints. This phishing-as-a-service operation is a game-changer in the world of cyber threats.

Phishing Kit Unveils Sophisticated BEC-as-a-Service Capabilities
Meet ARToken, a sophisticated phishing kit that's redefining the threat landscape with its Business Email Compromise (BEC)-as-a-Service capabilities, allowing attackers to launch highly targeted and convincing scams. This advanced platform is a game-changer, offering a complete BEC operations environment that's far more complex than your average phishing kit.

Bluekit Phishing Kit Enhances Login Theft with Browser-in-the-Middle Tactics
Bluekit's phishing kit just got a sinister upgrade, now using browser-in-the-middle tactics to steal logins in real-time. This move has led to a massive expansion of its infrastructure, with nearly 70 new hostnames appearing in just one week.

Google Disrupts Chinese Smishing Network Tied to AI-Generated Phishing Attacks
Google just took down a massive Chinese smishing network that used AI-generated phishing pages to scam millions of mobile users, and is now suing to dismantle the operation for good. The tech giant is teaming up with major carriers like AT&T, T-Mobile, and Verizon to block the fraudulent texts and shut down the Phishing-as-a-Service business.

INTERPOL Disrupts Sniper Dz Phishing Platform in Global Operation
In a major global crackdown, INTERPOL dismantled the notorious Sniper Dz phishing platform, a hub for cybercriminals to buy and use ready-made phishing kits, in a coordinated effort that resulted in 201 arrests across 13 countries. The operation, dubbed Operation Ramz, dealt a significant blow to the phishing-as-a-service industry.

Interpol Disrupts SniperDz Phishing-as-a-Service Platform
In a major blow to cybercrime, Interpol has dismantled the notorious SniperDz Phishing-as-a-Service platform, a significant player in the global phishing landscape. This success is a testament to the power of cross-border collaboration, with 13 countries joining forces to bring down the operation.

FBI Warns of Kali365 Phishing Kit's OAuth Token Heist
The FBI has sounded the alarm on Kali365, a phishing-as-a-service platform that's making it easy for even novice hackers to steal Microsoft 365 login credentials and bypass security measures like multifactor authentication. This subscription-based service, mainly spread through Telegram, provides attackers with AI-generated phishing lures, campaign templates, and real-time tracking tools to target individuals and organizations.

Chinese PhaaS Ecosystem Evolves, Threatens Global Financial Security
The game has changed in the world of phishing: attackers are now using Phishing as a Service (PhaaS) to intercept one-time passcodes and tokenize payment cards, giving them direct control over victims' financial accounts. This sinister shift threatens global financial security, allowing attackers to tap into accounts in real-time.

FBI Warns of Kali365 Phishing Kit Targeting Microsoft 365 Users
The FBI is sounding the alarm on Kali365, a phishing kit that makes it easy for attackers to target Microsoft 365 users with AI-generated scams, automated templates, and real-time tracking. This powerful tool is lowering the bar for cybercriminals, allowing less tech-savvy attackers to launch sophisticated phishing campaigns.

OAuth Grants Expose Hidden Risk Below MFA Perimeter
In just five weeks, a phishing-as-a-service platform called EvilTokens compromised over 340 Microsoft 365 organizations across five countries by exploiting a clever trick: instead of stealing passwords, it convinced users to hand over OAuth refresh tokens, granting attackers long-term access to sensitive data like mailboxes, drives, and calendars. This sneaky tactic allowed hackers to bypass traditional security measures, including multi-factor authentication.

VENOM Phishing Attacks Target C-Suite Microsoft Logins
A new phishing-as-a-service platform called VENOM is making it alarmingly easy for hackers to target senior executives, specifically seeking their Microsoft logins. This compact toolkit is putting the keys to the corner office within reach of any motivated adversary, leaving security teams scrambling to respond.