Microsoft’s security team has detected a large-scale operation that provides built-in hosting and email-sending phishing services to cybercriminals via a portal dubbee BulletProofLink. Array of phishing templates available for evading detections

The phishing-as-a-service operation,involves cybercriminals paying an operator to develop and deploy phishing campaigns. The monthly service costs as much as $800. Once after the payment, the operator can set up a web page to host a phishing site, install a phishing template on the site, configure the domain, send emails to victims, collect credentials from attacks and deliver the stolen details to the criminals.

The service even provides customers with tutorials on how to perfect their phishing scams. It has more than 100 phishing templates available that mimic legitimate brands and services.

Microsoft’s security team also found that phishing-as-a-service operations can double-cross their own criminal customers. Stolen credentials can be sent to both the operator and its clients, resulting in a “double theft”.

It added that the service is being used “by multiple attacker groups in either one-off or monthly subscription-based models”, creating a steady revenue stream for its operators.

Microsoft 365 Defender now recognises and can defend against the BulletProofLink phishing campaigns with its Sandboxing capabilities.