
Microsoft 365 Users Face New $400/Month Phishing Threat
A new phishing service called Forg365 makes it easy for criminals to steal Microsoft 365 accounts using AI-powered fake emails and session hijacking.
Source
GetCyberRight Intelligence
Original headline: Forg365 PhaaS Targets Microsoft 365 Accounts
Plain-English summary by GetCyberRight. Read the full report at the source above.
What's Happening
A new phishing service called Forg365 is targeting Microsoft 365 accounts with surprisingly sophisticated attacks. Unlike traditional hackers who need technical skills, anyone can now launch these attacks for just $400 per month through a simple Telegram subscription. This represents a dangerous shift in cybersecurity: professional-grade phishing tools are now available to anyone with a credit card.
The Details
Forg365 operates as a Phishing-as-a-Service (PhaaS) platform, which means it provides all the tools criminals need to steal Microsoft 365 credentials in one convenient package. Think of it like a Netflix subscription, but for cybercrime. Attackers don't need to build fake websites or write convincing emails anymore. The service does it all for them.
What makes Forg365 particularly dangerous is its use of AI-generated lure messages. These aren't the clumsy, misspelled phishing emails from years past. The AI creates convincing messages that look like legitimate requests from your IT department, your boss, or Microsoft itself. The emails are grammatically correct, use proper formatting, and include realistic urgency.
The service also uses session hijacking, a technique that steals your active login session rather than just your password. This means that even if you have two-factor authentication (2FA) enabled, attackers can potentially bypass it. Once they steal your session, they're logged in as you, with full access to your emails, files, and company data.
Who Is Affected
If you or anyone in your household uses Microsoft 365 for work, school, or personal email, you're a potential target. This includes people using Outlook, OneDrive, Teams, or any Microsoft cloud service. Small business owners and remote workers face particular risk because they often lack enterprise-level security protections.
Professionals who handle sensitive information, financial data, or customer records should be especially alert. A compromised account could expose not just your data, but also information belonging to clients, colleagues, and your entire organization. The low cost and ease of use means more criminals will try these attacks against more targets.
What You Should Do Right Now
Enable multi-factor authentication (MFA) on your Microsoft 365 account. Go to account.microsoft.com, select Security, and turn on two-step verification. Choose an authenticator app rather than SMS when possible.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
Review your Microsoft sign-in activity today. Visit your account security page and check for unfamiliar devices or locations. Sign out all sessions if you see anything suspicious.
Never click links in emails asking you to verify your account or reset your password. Instead, type the website address directly into your browser or use your bookmarks.
Watch for urgent language or time pressure in emails. Phrases like "verify within 24 hours" or "immediate action required" are common phishing tactics, even when the email looks legitimate.
Use a password manager and create unique passwords for every account. If one account is compromised, others remain protected. Microsoft offers a built-in password manager in Edge, or consider standalone options.
The Bigger Picture
The rise of Phishing-as-a-Service platforms like Forg365 signals a troubling trend: cybercrime is becoming industrialized. Just as legitimate businesses offer software subscriptions, criminals now offer crime subscriptions. This lowers the barrier to entry and increases the volume of attacks we all face. Staying informed about these evolving threats isn't optional anymore. It's essential for protecting your digital life and your family's security.
How GetCyberRight Can Help
Our Cloud Account Takeover Intelligence tool tracks emerging threats like Forg365 in real time. We monitor phishing-as-a-service platforms, analyze new attack techniques, and translate complex threats into actions you can take today. You don't need to become a security expert. You just need trusted information when it matters most. That's what we're here for.
Curated from trusted cybersecurity sources by GetCyberRight
Source: GetCyberRight IntelligenceStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles
Russian Hackers Target Network Devices: What Small Businesses Need to Know
CISA warns Russian state hackers are targeting routers and firewalls in critical infrastructure. Here's what small business owners should do right now.
3 min readRussian Hackers Target Network Devices: What Families Need to Know
CISA warns that Russian hackers are actively attacking routers and firewalls in critical infrastructure. Here's what this means for your family's safety.
3 min readUrgent Alert: Hackers Exploiting Popular Joomla Website Extensions
CISA warns that attackers are actively exploiting two Joomla extensions to take control of websites. If your small business uses Joomla, act now.
3 min readUrgent: Popular Website Extensions Under Attack by Hackers
CISA warns that hackers are actively breaking into websites using flawed Joomla extensions. If you run a small business website, you need to act now.
4 min read