Updated
Updated · Computerworld · Jul 14
Forg365 Sells Microsoft 365 Takeover Kits for $400 a Month With AI Lures
Updated
Updated · Computerworld · Jul 14

Forg365 Sells Microsoft 365 Takeover Kits for $400 a Month With AI Lures

3 articles · Updated · Computerworld · Jul 14

Summary

  • ZeroBEC documented Forg365, a Telegram-distributed phishing service that lets less-skilled attackers hijack Microsoft 365 accounts through a single operator panel and a five-day free trial.
  • The platform uses AI-generated lures, device-code abuse and adversary-in-the-middle flows, then filters visitors to show either a phishing page or a benign decoy to evade researchers and security tools.
  • A browser extension called ForgCookie can generate and refresh Microsoft single sign-on cookies, meaning attackers may keep mailbox access even after a password reset and can share read-only inbox access by link.
  • Researchers urged companies to restrict device-code authentication, deploy phishing-resistant MFA such as FIDO2 or passkeys, and after compromise revoke refresh tokens, kill sessions, review OAuth grants and audit newly registered devices.
  • The case highlights how phishing-as-a-service is becoming more industrialized, packaging lure creation, evasion and post-compromise mailbox operations into a subscription product.

Insights

As phishing becomes a subscription service, is any company using Microsoft 365 truly prepared for what's next?
When AI writes flawless phishing emails, how can anyone be expected to spot the next sophisticated scam?

Forg365 Exposed: The Next Generation of Phishing-as-a-Service and the Escalating Threat to Microsoft 365

Overview

Forg365 is a new Phishing-as-a-Service (PhaaS) platform that emerged in mid-2026, marking a major shift in cybercrime. It stands out by deeply integrating artificial intelligence and automation, making advanced phishing attacks easier for even low-skilled threat actors. Forg365’s subscription model and distribution through channels like Telegram lower the entry barrier for cybercriminals. Its AI-powered features allow users to launch convincing phishing campaigns with minimal effort, especially targeting Microsoft 365 accounts. This evolution shows how phishing is becoming more industrialized and accessible, raising the risk and impact of attacks for organizations and individuals alike.

...