Phishing-as-a-service
Coverage of Phishing-as-a-service in the Nexus archive.
- FBI disrupts massive AI-powered phishing service using a million URLs
The FBI, in collaboration with Google and Black Lotus Labs, dismantled a Chinese phishing-as-a-service operation called Outsider Enterprise, which used AI-powered phishing websites to steal credit card data and passwords. The operation involved thousands of phishing websites and a million URLs.
- FBI warns about fast-growing phishing kit targeting Microsoft 365 users
The FBI warns about Kali365, a phishing-as-a-service platform targeting Microsoft 365 users by bypassing multi-factor authentication through OAuth device code phishing. The tool enables cybercriminals to steal access tokens, leading to data theft, ransomware, and other attacks. Researchers note its rapid growth, AI-driven tactics, and low barriers for less-technical attackers.
- ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA
Starkiller is a new phishing service that dynamically loads real login pages and forwards user credentials to attackers, offering real-time session monitoring and account takeover capabilities.