CISOOnline

Phishing for dummies: Forg365 lowers barrier to M365 account takeovers

Customers can build phishing lures and control email delivery through a single operator panel. They can also manage captured account data and monitor compromised Microsoft 365 mailboxes. The service includes templates that impersonate widely used business platforms such as DocuSign, Adobe Acrobat Sign, SharePoint, and OneDrive.

“Phishing-as-a-service has been around for quite a few years,” said Jonathan Ong, senior analyst for managed security services at Omdia. “But the degree to which AI is integrated into Forg365 and enables users is what makes it concerning.”

Forg365’s significance lies in the industrialization and productization of the operator workflow, according to Devashri Datta, a cybersecurity researcher. “It integrates AI-assisted lure creation, evasion, and post-compromise mailbox operations into a subscription service distributed through Telegram,” Datta said.



Source link