One of the Most Prolific Phishing-as-a-Service Toolkits
Among numerous phishing platforms, Tycoon 2FA was not predominantly used to trick consumers with fake unpaid toll texts or urgent account alerts. Instead, it was mainly employed against paid organizational accounts.
Although the financial services and healthcare industries have been traditional targets for fraud, the deployment of Tycoon 2FA appeared more indiscriminate. According to The Hacker News, the platform produced tens of millions of phishing messages that led to breaches at over 100,000 organizations across various sectors, including schools and hospitals.
The global threat spawned by the toolkit prompted a coalition comprising public and private entities such as Europol, law enforcement agencies, Microsoft, cybersecurity firms, and Coinbase to work together in dismantling Tycoon 2FA. This effort resulted in shutting down 330 domains that formed the criminal network’s infrastructure.
“International, coordinated efforts to disrupt organized cybercrime rings, including phishing-as-a-service networks, are essential,” said Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research. “However, these actions yield only temporary victories, as new networks and models emerge rapidly in their place.”
How Tycoon 2FA Streamlined Cybercrimes
Before its shutdown, a monthly subscription to Tycoon 2FA could be obtained for around $350 on platforms like Telegram. This allowed users to access a dashboard for creating and monitoring phishing campaigns with templates and tools designed to simplify the process.
Similar to many phishing attacks today, these tools were used to craft messages mimicking popular services such as Outlook, SharePoint, and Gmail, aiming to capture sensitive data such as login credentials and multi-factor authentication codes. Once captured, this information was often relayed to the criminals in near real time.
The Threat of Phishing-as-a-Service Platforms
The proliferation of phishing-as-a-service platforms makes the process accessible to inexperienced actors and significantly expands the reach of their campaigns. These services are highly customizable, with Microsoft attributing much of Tycoon 2FA’s success to its ability to convincingly replicate legitimate authentication processes.
Furthermore, users could engage in account-takeover (ATO) jumping: after compromising one account, they sent phishing messages from that mailbox, so the communications appeared trustworthy and linked to a known user. A single phishing message can thus quickly escalate into a significant problem for an organization on multiple fronts.
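One defensive check for the ATO jumping pattern described above, as an added example that is not part of the article or of any product it mentions: a compromised mailbox that suddenly sends the same link to many distinct recipients stands out against its own history. The outbound-mail event format, the sample events and the thresholds are assumptions of this example.

```python
"""
Heuristic detector for an "ATO jumping" burst: one sender pushing the same
link domain to many distinct recipients within a short window.
Added example; the event format, sample data and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample outbound-mail events (not real log data):
# (timestamp, sender, recipient, subject, link_domain or None)
SAMPLE_EVENTS = [
    ("2024-03-04T08:58:00", "alice@example.com", "bob@example.com", "Q1 budget", None),
    ("2024-03-04T09:05:00", "alice@example.com", "carol@example.com", "Re: offsite", "example.com"),
    # Burst: same subject, same never-before-seen link domain, many recipients.
    ("2024-03-04T14:00:00", "alice@example.com", "dan@partner.test", "Shared document", "login-docs.example.net"),
    ("2024-03-04T14:00:20", "alice@example.com", "erin@partner.test", "Shared document", "login-docs.example.net"),
    ("2024-03-04T14:00:40", "alice@example.com", "frank@client.test", "Shared document", "login-docs.example.net"),
    ("2024-03-04T14:01:00", "alice@example.com", "gina@client.test", "Shared document", "login-docs.example.net"),
    ("2024-03-04T14:01:30", "alice@example.com", "hal@vendor.test", "Shared document", "login-docs.example.net"),
    # Unrelated normal traffic from another sender.
    ("2024-03-04T14:02:00", "bob@example.com", "alice@example.com", "Re: Q1 budget", None),
]

WINDOW = timedelta(minutes=10)   # assumed burst window
MIN_RECIPIENTS = 5               # assumed alert threshold


def find_bursts(events, window=WINDOW, min_recipients=MIN_RECIPIENTS):
    """Return one alert per (sender, link domain) burst that reaches the threshold."""
    parsed = sorted(
        ((datetime.fromisoformat(ts), s, r, subj, dom) for ts, s, r, subj, dom in events),
        key=lambda e: e[0],
    )
    by_sender = defaultdict(list)
    for ev in parsed:
        by_sender[ev[1]].append(ev)

    alerts = []
    for sender, evs in by_sender.items():
        consumed = set()  # indices already attributed to an alert
        for i, (t0, _, _, _, dom) in enumerate(evs):
            if dom is None or i in consumed:
                continue
            # Same sender, same link domain, sent within `window` of this message.
            group = [j for j in range(i, len(evs))
                     if evs[j][4] == dom and evs[j][0] - t0 <= window]
            recipients = {evs[j][2] for j in group}
            if len(recipients) < min_recipients:
                continue
            consumed.update(group)
            # Had this sender ever linked to this domain before the burst began?
            prior_use = any(evs[j][4] == dom for j in range(i))
            alerts.append({
                "sender": sender,
                "link_domain": dom,
                "recipients": len(recipients),
                "first_seen": t0.isoformat(),
                "new_domain_for_sender": not prior_use,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_bursts(SAMPLE_EVENTS):
        print(alert)
```

The `new_domain_for_sender` field is there for triage rather than for the decision itself: a burst pointing at a domain the sender has never used before is the stronger signal, while a burst to a familiar domain may be a legitimate mass share. Thresholds should be tuned against the organisation's own baseline of outbound volume per mailbox.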
“Law enforcement is always playing catch-up when it comes to combating cybercrime,” Goldberg stated. “From a global perspective, U.S. consumers and businesses, which are often the primary targets of cybercrime, bear the brunt of this issue. In the case of Tycoon 2FA, most compromised targets were in the United States, followed by the United Kingdom and Canada.”