Microsoft led a coordinated global takedown of Tycoon2FA, one of the largest phishing-as-a-service operations worldwide, seizing 330 domains via a US court order. By mid-2025, Tycoon2FA accounted for ~62% of all phishing attempts Microsoft blocked, intercepting over 30 million emails in a single month and affecting an estimated 96,000 victims since 2023. The service used reverse-proxy techniques to bypass MFA by intercepting session cookies and credentials in real time, then sold access to criminals starting at $120 for 10 days. Experts caution that the takedown is temporary relief, as similar tools like EvilProxy and open-source kits remain active. Defenders are urged to adopt phishing-resistant MFA (FIDO2/WebAuthn, passkeys), enforce DMARC/DKIM/SPF, use client-bound session tokens, and monitor for man-in-the-middle indicators.

From csoonline.com