Learn how Phishing-as-a-Service attacks can bypass MFA using proxies and deepfakes and what to do for protection

Alex
Created: January 19, 2026
Updated: January 19, 2026

Phishing is moving away from broad, high-volume email blasts and toward more targeted attacks that can still be run at scale. Ready-made phishing kits now allow relatively inexperienced attackers to achieve a level of effectiveness that used to be associated mainly with advanced persistent threats (APTs) and state-backed groups.
The impact of this problem is getting worse: the 2024 IBM/Ponemon Cost of a Data Breach study reports that the average annual cost of phishing incidents increased by nearly 10% to $4.88 million, one of the most significant jumps since the pandemic. At the same time, deepfake technology is opening new paths for fraud: Right Hand Cybersecurity reports a 680% year-over-year increase in synthetic media activity, enabling attacks that can bypass traditional verification protocols. Over 3.4 billion phishing emails circulate daily (about 1.2% of global email traffic) and Google blocks around 100 million of them each day. The Anti-Phishing Working Group logged 1,003,924 attacks in Q1 2025 alone, the highest level since late 2023. Phishing remains a primary driver of real-world damage, contributing to 36% of U.S. data breaches and playing a role in over 80% of cyberattacks; average breach costs sit at $4.88 million, business email compromise losses reach $2.7 billion annually, and ransomware (often initiated through phishing) appears in 44% of breaches.
In this article, we are going to cover the most important aspects of how phishing has changed in the past years with new approaches like Phishing-as-a-Service and the use of AI. In particular, these are the questions we are going to cover in the article:
What is Phishing-as-a-Service (PhaaS)?
What role does artificial intelligence play in modern phishing attacks?
How can organizations defend against modern phishing (technical controls, human risk management, and governance/policy)?
Cybercrime is no longer reserved for expert hackers. The rise of Phishing-as-a-Service (PhaaS) has greatly reduced the technical skill needed to launch successful attacks. By mimicking the business models of legitimate software companies, offering subscriptions, customer support, and regular updates, criminal developers have made phishing accessible to almost anyone.
The PhaaS market has matured into a tiered ecosystem. At the entry level, novice attackers ("script kiddies") can rent access to sophisticated infrastructure for low fees, while advanced operators can purchase "enterprise" tiers that offer dedicated hosting and custom evasion capabilities.
This economic structure has led to a massive spike in activity. In the first two months of 2025 alone, over one million PhaaS-based attacks were detected, signaling a robust and expanding user base for these criminal services. The marketplace for these kits is primarily hosted on Telegram, which serves as an encrypted, high-availability control plane for sales and support.
Analysis of the most popular PhaaS Platforms (2025)
| Platform | Market Share (Est.) | Pricing Model | Key Technical Differentiator | Primary Targets |
|---|---|---|---|---|
| Tycoon 2FA | 89% | ~$120 / 10 days | Caesar Cipher obfuscation; WebSocket exfiltration | Microsoft 365, Gmail |
| EvilProxy | 8% | $400 - $600 / mo | Verified user vetting; High-reputation proxy nodes | C-Suite, IT Admins, Developers |
| Sneaky 2FA | 3% | $150 / mo (Base) | "Control Center" for manual session manipulation | Corporate VPNs, Office 365 |
| Greatness | < 1% | Varies | Focus on attachment-based lures (HTML/PDF) | SME Finance Departments |
Tycoon 2FA is a sophisticated Phishing-as-a-Service (PhaaS) platform designed to bypass two-factor (2FA) and multi-factor authentication (MFA). It primarily targets Microsoft 365 and Gmail accounts using an "Adversary-in-the-Middle" (AiTM) technique. By early 2025, Tycoon 2FA became the main player in the market, accounting for nearly 9 out of 10 phishing incidents. Its success is driven by its ability to stay invisible to modern security filters. In a major 2025 update, developers replaced older tactics with advanced encryption to hide their malicious code.
Specifically, they now use a "Caesar cipher" to scramble the code and insert invisible "Hangul Filler" characters (U+3164). These characters are hidden from the user but serve to confuse the automated scanners that look for digital "signatures" of known threats. To distribute these kits, Tycoon uses a "Living off the Land" strategy, hosting its traps on trusted, high-reputation services like Amazon S3, Canva, and Dropbox.
Because Secure Email Gateways (SEGs) are programmed to trust these famous domains, the phishing emails often bypass filters entirely. Finally, to ensure they aren't being watched by security bots, the attackers send users through a complex chain of redirects and Cloudflare CAPTCHAs before they ever see the fake login page.
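As an added detection-side example (not code from the article or from any vendor), the following normaliser strips the Hangul Filler padding and tries all 26 letter shifts so that indicator strings hidden by a Caesar cipher become scannable again. The letter-wise shift, the indicator list and the sample page are assumptions constructed for this example.

```python
HANGUL_FILLER = "\u3164"
INDICATORS = ("login.microsoftonline.com", "password", "websocket")  # assumed indicator strings

def strip_invisible(text: str) -> tuple[str, int]:
    # Remove Hangul Filler characters and report how many were present.
    count = text.count(HANGUL_FILLER)
    return text.replace(HANGUL_FILLER, ""), count

def caesar_shift(text: str, shift: int) -> str:
    # Shift ASCII letters only; digits, punctuation and non-ASCII pass through unchanged.
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)

def scan(page: str, filler_threshold: int = 50) -> dict:
    # Flag a page if it is padded with fillers or if indicators only appear after un-shifting.
    cleaned, fillers = strip_invisible(page)
    shift_hits = {}
    for shift in range(26):                     # shift 0 is the unmodified text
        candidate = caesar_shift(cleaned, shift).lower()
        found = [i for i in INDICATORS if i in candidate]
        if found:
            shift_hits[shift] = found
    flagged = fillers >= filler_threshold or any(s != 0 for s in shift_hits)
    return {"hangul_fillers": fillers, "shift_hits": shift_hits, "flag": flagged}

# Constructed samples (not captured from a real kit): the first mimics the evasions
# described above by shifting a script fragment by 13 and interleaving fillers.
SAMPLE_CLEAN = ("var u='https://login.microsoftonline.com/';"
                "var p=document.getElementById('password');")
SAMPLE_OBFUSCATED = HANGUL_FILLER.join(caesar_shift(SAMPLE_CLEAN, 13))
SAMPLE_BENIGN = "<form action='/login'><input type='password' name='password'></form>"
```

A plain login form that mentions "password" at shift 0 is not flagged; only content that needs un-shifting, or that carries an unusual number of invisible characters, is.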
The defining capability of modern PhaaS kits is the Adversary-in-the-Middle (AiTM) attack. This technique renders traditional credential harvesting obsolete by intercepting the live authentication session, thereby bypassing Multi-Factor Authentication (MFA).
The architecture of an AiTM attack differs fundamentally from a clone site.
Proxy Initiation: When a victim accesses the phishing URL, the PhaaS server (acting as a reverse proxy) initiates a connection to the legitimate Identity Provider (IdP), such as login.microsoftonline.com.
Traffic Mirroring: The proxy retrieves the legitimate login content and forwards it to the victim. The victim sees the real Microsoft login page, albeit rendered on a malicious domain.
Real-Time Relay: As the victim enters their credentials, the proxy captures them and forwards them to the IdP.
MFA Interception: When the IdP requests the second factor (e.g., an SMS code or Authenticator prompt), the proxy mirrors this request to the victim.
Session Theft: The victim provides the MFA token. The proxy forwards it to the IdP. The IdP validates the session and issues a session cookie (e.g., ESTSAUTH or ESTSAUTH_PERSISTENT).
The Breach: Crucially, the proxy intercepts this session cookie. It does not pass it back to the victim (or passes a copy while keeping the original). The attacker now possesses a valid, authenticated session cookie that allows them to access the victim's account from any device, bypassing the need for a password or MFA token, until the token expires.
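Why the relay in steps 3 to 6 captures an OTP but not a passkey assertion, as an added example that is not code from the article or from Corbado: a toy relying-party verifier modelled on the WebAuthn checks (challenge, origin, rpIdHash, signature), which also illustrates the origin-binding point made in the defenses section. The phishing origin "phish.example" is a constructed placeholder, and an HMAC stands in for the authenticator's ECDSA key pair so that it runs offline.

```python
import hashlib
import hmac
import json
import secrets

IDP_ORIGIN = "https://login.microsoftonline.com"  # legitimate IdP named in the article
RP_ID = "login.microsoftonline.com"
PHISH_ORIGIN = "https://phish.example"            # constructed AiTM proxy origin
RP_ID_HASH = hashlib.sha256(RP_ID.encode()).digest()

def idp_verify_otp(expected_otp: str, submitted_otp: str) -> bool:
    # An OTP is a bearer value: the IdP cannot tell on which page it was typed.
    return hmac.compare_digest(expected_otp, submitted_otp)

def browser_build_client_data(challenge: str, page_origin: str) -> bytes:
    # The browser fills `origin` from the tab's real origin; page script cannot choose it.
    return json.dumps({"type": "webauthn.get", "challenge": challenge,
                       "origin": page_origin}).encode()

def authenticator_sign(key: bytes, client_data: bytes) -> tuple[bytes, bytes]:
    # Signs authenticatorData || SHA-256(clientDataJSON). Real authenticators use an
    # ECDSA key pair; a shared HMAC key is a stand-in (assumption) so this runs offline.
    auth_data = RP_ID_HASH + b"\x05" + b"\x00\x00\x00\x01"   # rpIdHash, flags, counter
    sig = hmac.new(key, auth_data + hashlib.sha256(client_data).digest(), "sha256").digest()
    return auth_data, sig

def idp_verify_assertion(key: bytes, expected_challenge: str, client_data: bytes,
                         auth_data: bytes, sig: bytes) -> bool:
    # Relying-party checks: challenge, origin, rpIdHash, then the signature over both.
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != expected_challenge:
        return False
    if cd.get("origin") != IDP_ORIGIN:      # the origin check is what defeats the proxy
        return False
    if auth_data[:32] != RP_ID_HASH:
        return False
    expected = hmac.new(key, auth_data + hashlib.sha256(client_data).digest(), "sha256").digest()
    return hmac.compare_digest(expected, sig)

def aitm_relay_otp() -> bool:
    # Victim types the OTP on the proxy's page; the proxy forwards it unchanged.
    otp = "482913"                      # constructed value the IdP is expecting
    captured_by_proxy = otp
    return idp_verify_otp(otp, captured_by_proxy)      # True: the relay works

def aitm_relay_passkey(tamper_origin: bool = False) -> bool:
    # Victim signs on the proxy's page; the proxy forwards the assertion to the IdP.
    # (A real browser would refuse the ceremony because RP_ID is not a registrable
    # suffix of PHISH_ORIGIN; this shows the IdP rejects it even if it got through.)
    key = secrets.token_bytes(32)
    challenge = secrets.token_urlsafe(32)            # IdP's challenge, relayed by the proxy
    client_data = browser_build_client_data(challenge, PHISH_ORIGIN)
    auth_data, sig = authenticator_sign(key, client_data)
    if tamper_origin:
        # Proxy rewrites the origin to look legitimate; the signature no longer matches.
        client_data = browser_build_client_data(challenge, IDP_ORIGIN)
    return idp_verify_assertion(key, challenge, client_data, auth_data, sig)   # False

def legitimate_passkey_login() -> bool:
    # Same ceremony performed directly on the IdP's origin.
    key = secrets.token_bytes(32)
    challenge = secrets.token_urlsafe(32)
    client_data = browser_build_client_data(challenge, IDP_ORIGIN)
    auth_data, sig = authenticator_sign(key, client_data)
    return idp_verify_assertion(key, challenge, client_data, auth_data, sig)   # True
```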
Kits like Sneaky 2FA have further refined this by offering administrative panels that allow attackers to manually intervene in the session, effectively managing the attack in real-time.
Taking down PhaaS infrastructure is very difficult due to its decentralized nature. While the core "admin" panels may be hosted on servers in jurisdictions with loose cyber laws, the "edge" nodes (the actual phishing pages) are short-lived. Tycoon 2FA, for instance, uses a Domain Generation Algorithm (DGA) to spin up thousands of disposable domains. Cloudflare Turnstile also blocks security scanners and makes phishing sites look official. Since people are used to seeing these checks on real websites, they are more likely to trust the page.
Tycoon 2FA pages are often distributed via "Quishing" (QR Code Phishing). The QR code contains the malicious URL, hiding it from email security scanners that cannot parse the image data. This vector has seen a 25% year-over-year increase, specifically targeting mobile devices, which often lack the endpoint protection controls of corporate workstations.
If PhaaS provided the infrastructure for mass exploitation, Artificial Intelligence has provided the intelligence and content. The integration of Generative AI (GenAI) into the cybercrime lifecycle has solved the two greatest challenges for attackers: scale and believability. The days of "poor grammar" and "generic greetings" acting as reliable indicators of phishing are over.
A significant development in 2025 is the emergence of "vibe scamming." This trend exploits the "vibe coding" ideal, where users build software using natural language prompts, to generate malicious assets.
Legitimate platforms like Lovable, designed to democratize software creation, have become engines for cybercrime. Guardio Labs conducted a benchmark of AI agents' resistance to abuse, finding that while established models like ChatGPT scored relatively high (8/10) in refusing malicious requests, newer platforms like Lovable scored alarmingly low (1.8/10). Attackers can simply prompt these tools with a request such as "Create a login portal that feels like a major bank, uses official blue and red branding, and has fields for social security numbers", and the AI generates pixel-perfect, fully functional phishing code.
This capability allows attackers to bypass the "template fatigue" of older PhaaS kits. Instead of using a standard Microsoft template that defenders have fingerprinted, a vibe scammer can generate a unique, adapted login page for every single campaign, or even for every single victim. Proofpoint observed tens of thousands of Lovable-generated URLs distributing Tycoon and other malware in early 2025, confirming that this is not a theoretical threat but a massive, active vector.
Beyond generating content, AI is now also being used to execute attacks. This shift from Generative AI to "Agentic AI" represents a key moment for social engineering:
An incident occurred in late 2024 involving a Chinese state-sponsored group. This adversary utilized Anthropic's "Claude Code" agent (intended for automated software development) to conduct a large-scale cyber espionage campaign. By bypassing its ethical guardrails, the attackers were able to task the AI with high-level objectives. The AI agent autonomously performed reconnaissance, wrote custom exploit code to target specific vulnerabilities, harvested credentials, and moved across networks.
This force-multiplication allows a small team of operators to target hundreds of organizations simultaneously with the depth and persistence of a dedicated human red team.
Experiments conducted by Hoxhunt between 2023 and 2025 reveal the rapid evolution of AI capabilities.
2023: AI-generated phishing was 31% less effective than human experts.
2024: The gap narrowed to 10%.
March 2025: AI agents became 24% more effective than elite human social engineers.
Furthermore, studies indicate that AI-supported spear phishing campaigns can achieve click-through rates exceeding 50%, compared to much lower rates for generic campaigns. The cost reduction is equally dramatic: AI-driven campaigns cost roughly 1/30th of manual campaigns while delivering superior results.
One of the most direct impacts of AI on security is the rise of deepfakes, highly realistic, computer-generated audio and video. These tools are designed to trick our senses, making it difficult for people to trust their own eyes and ears when trying to verify a person's identity. The 2024 theft of $25 million from the engineering firm Arup serves as the definitive case study for this new era of fraud.
The Arup Incident ($25 Million Loss)
The Setup: An employee at Arup's Hong Kong office received an email pretending to be from the UK-based Chief Financial Officer (CFO), requesting a confidential financial transaction. The employee, suspicious of the request, paused. This is the correct procedure in a standard security awareness model.
The Bypass: To alleviate the employee's concerns, the attackers initiated a video conference call.
The Deception: The employee joined the call to find not just the CFO, but several other known colleagues. All of them were deepfakes, AI-generated avatars driven by real-time voice cloning and facial reenactment technology. The visual and auditory confirmation provided by the "CFO" and the social proof of the other "colleagues" completely overwhelmed the employee's defenses.
The Result: Convinced they were acting on legitimate orders, the employee authorized 15 wire transfers totaling 200 million Hong Kong dollars ($25.6 million USD) to fraudulent accounts.
Deepfake technology has become commoditized. Dark web marketplaces now offer "Deepfake-as-a-Service" for as little as $50 for video and $30 for voice cloning. The technology has advanced to support real-time interaction with low latency, making live phishing calls feasible. Deepfake phishing attacks have surged by 1,633% in the first quarter of 2025 alone.
While often overshadowed by AI, "Quishing" (QR Code Phishing) has grown in parallel, leveraging the mobile security gap. Attacks using malicious QR codes increased by 25% year-over-year.
The mechanics of Quishing are designed to bypass corporate defenses:
Embed: The attacker embeds a QR code in a PDF attachment or the body of an email.
Bypass: The Secure Email Gateway (SEG) scans the text of the email. Since the malicious URL is encoded within the image, the SEG often fails to extract and analyze it.
Target: The user scans the code with their personal smartphone. This device typically lacks the corporate Endpoint Detection and Response (EDR) agents or web filtering present on their work laptop.
Execute: The phone's browser navigates to the phishing site (often a Tycoon 2FA portal), where the user enters their corporate credentials.
Attackers are increasingly using AI to generate "artistic" QR codes that blend into marketing materials, further lowering user suspicion.
The impact of these threats is not uniform. Different sectors face distinct variations of PhaaS and AI-driven attacks based on their asset value and operational cadence.
The financial sector remains the most targeted industry, accounting for the highest volume of phishing attacks.
VibeScamming Portals: Attackers use tools like Lovable to create ephemeral, high-fidelity clones of regional bank login portals. These sites are often live for less than 24 hours, making takedowns ineffective.
Deepfake Verification Fraud: A growing trend involves attackers using voice cloning to pass telephone banking security verification. By impersonating the account holder, they authorize transfers or reset passwords. Senior citizens have seen a 40% rise in vishing attacks, highlighting the predatory nature of these campaigns.
For healthcare, phishing is primarily an initial access vector for ransomware.
Cost Impact: The average cost of a breach in healthcare is $9.77 million, the highest of any industry.
Operational Lures: Attackers target hospital staff with lures related to "Shift Scheduling," "Patient Portal Admin," or "Payroll Updates." The urgency of clinical environments makes staff highly susceptible to these operational lures.
Supply Chain: Attacks often originate from compromised vendor accounts (e.g., medical device suppliers), leveraging the trusted relationship to bypass suspicion.
Manufacturing organizations saw the highest number of ransomware incidents in 2024, defying the global downward trend.
Legacy Tech: Manufacturing often relies on legacy Operational Technology (OT) and older Windows systems, making them vulnerable to known exploits once initial access is gained via phishing.
Brand Impersonation: Retailers face "Brandjacking," where attackers use AI to generate fake product reviews, fraudulent invoices, and spoofed shipping notifications (e.g., "Your package is delayed") to phish consumers.
The APAC Surge: The Asia-Pacific region experienced a 13% increase in attacks in 2024, largely driven by attacks on manufacturing hubs crucial to the global supply chain.
The defenses of the past decade (signature-based detection, blacklists, and basic user training) are failing against AI-driven, proxy-based attacks. A shift to Identity-Centric Defense and Behavioral Analysis is required.
Defending against phishing requires addressing several vectors at the same time.
Defense: Administrators must enforce Conditional Access Policies that block legacy authentication methods. If a user's browser attempts to downgrade to a password/SMS flow, the login must be blocked.
Strongest Protection: FIDO passkeys offer the highest protection, as they cryptographically bind the credential to the device and to the origin, making remote replay attacks nearly impossible.
Computer Vision: Security tools must analyze the rendered appearance of a webpage. Even if the code is obfuscated with Caesar ciphers, the rendered page looks like a Microsoft login. Computer vision models can identify this visual similarity and block the site.
Behavioral Baselines: Platforms like Check Point and Proofpoint are moving toward behavioral baselines. They analyze the intent and context of emails (e.g., "Is it normal for the CFO to ask for a wire transfer at 11 PM on a Sunday?"). Anomalies trigger alerts regardless of the sender's reputation.
Deepfake Drills: Security awareness training must now include exposure to deepfake audio and video. Employees need to experience the quality of these fakes in a safe environment to understand the threat.
The "Challenge-Response" Protocol: Organizations should implement an out-of-band verification protocol for financial transactions. If a video call requests a fund transfer, the employee must verify it via a secondary channel (e.g., an encrypted chat app or a phone call to a known internal number).
Reporting Culture: The most effective metric for security culture is the reporting rate. World-class organizations achieve reporting rates above 20%. Organizations with effective training programs can reduce phishing susceptibility by 86% over one year.
SEC Disclosure: The new SEC cybersecurity disclosure rules (Form 8-K) require rapid reporting of material incidents. The F5 Networks breach in 2024/2025, attributed to a nation-state actor, highlighted the complexity of these disclosures, where the Department of Justice may request delays for national security reasons.
NIS2 Directive: In Europe, the NIS2 directive mandates strict incident reporting and risk management measures, forcing organizations to take ownership of supply chain risks, including those introduced by phishing.
By replacing passwords and OTP-based MFA with phishing-resistant, FIDO-based passkeys, Corbado ensures that authentication is cryptographically bound to the user’s device and origin, rendering adversary-in-the-middle attacks and session replay ineffective. Passkeys cannot be reused, proxied, or exfiltrated, even by highly sophisticated PhaaS kits like Tycoon 2FA.
Corbado is designed for real-world enterprise environments: it integrates into existing authentication stacks, supports gradual rollouts, and enables strong MFA without adding user friction. The result is measurably higher security, better login success rates, and a durable defense against AI-driven phishing at scale.
The trajectory of the phishing threat landscape points toward autonomous adaptation. We are moving beyond "automated" attacks to "autonomous" ones. Future AI agents will not just execute a pre-defined script; they will learn from the defender's response. If a defender blocks an IP, the AI will rotate it. If a defender patches a vulnerability, the AI will rewrite the exploit.
In this article we also answered the following key questions:
What is Phishing-as-a-Service (PhaaS)? Phishing-as-a-Service is a criminal SaaS-style ecosystem in which ready-made phishing kits, infrastructure, and support are sold via subscriptions, allowing even low-skill attackers to launch highly effective, scalable attacks, often capable of bypassing MFA through adversary-in-the-middle techniques.
What role does artificial intelligence play in modern phishing attacks? Artificial intelligence enables phishing to scale and adapt by generating highly believable, bespoke lures (“vibe scamming”), powering autonomous agentic attacks, and enabling real-time deepfake audio and video fraud that can defeat human verification and traditional security controls.
How can organizations defend against modern phishing (technical controls, human risk management, and governance/policy)? Organizations must combine phishing-resistant, hardware-backed authentication (e.g., FIDO passkeys) and behavioral/visual AI detection with human risk management such as deepfake awareness and out-of-band verification protocols, reinforced by strong governance and compliance with incident-reporting and supply-chain risk regulations (e.g., SEC rules and NIS2).