Watch out for Phishing-as-a-Service (PhaaS)!
Darkreading.com reported that “In a blog post, Microsoft said its Digital Crimes Unit used a court order granted by the Southern District of New York to seize 338 websites associated with the service. In a blog post, Microsoft described RaccoonO365 as "the fastest-growing tool used by cybercriminals to steal Microsoft 365 usernames and passwords."” The September 17, 2025 article entitled “Microsoft Disrupts 'RaccoonO365' Phishing Service” (https://www.darkreading.com/application-security/microsoft-disrupts-raccoono365-phishing-service) included these comments from Steven Masada, blog post author and assistant general counsel of Microsoft's Digital Crimes Unit:
RaccoonO365 was used to target more than 2,300 organizations in the US as part of a tax-themed phishing campaign, and Microsoft said its kits were used to target at least 20 US healthcare organizations. "This puts public safety at risk, as RaccoonO365 phishing emails are often a precursor to malware and ransomware, which have severe consequences for hospitals,"
A subscription allows a user to input up to 9,000 email addresses to target with automated phishing attacks, while advertising other services such as spam and email security filter bypassing as well as full infrastructure support. Interestingly, the service advertised that in order to steal Microsoft credentials, it leveraged Microsoft services such as Azure.
Watch out!