
Phishing for dummies: Forg365 lowers barrier to M365 account takeovers
A newly documented phishing-as-a-service platform distributed through Telegram is lowering the technical barrier to Microsoft 365 account takeovers by giving less-skilled attackers automated tools to evade some authentication controls and retain access after compromise.
The platform, called Forg365, uses AI-assisted lure creation alongside device-code abuse and adversary-in-the-middle techniques, according to research published by security company ZeroBEC.
Forg365 was offered with a five-day free trial, followed by subscriptions priced at $400 per month or $3,800 per year, the researchers said.
Customers can build phishing lures and control email delivery through a single operator panel. The...