PHISHING EVOLVES INTO SCALABLE CYBERCRIME BUSINESS, SAYS RO'YA HATAMLEH

Phishing has evolved from opportunistic scams into a highly industrialised cybercrime model, driven by automation, artificial intelligence, and subscription-based criminal services.

One of the most prominent examples is Raccoon0365, a phishing-as-a-service (PhaaS) operation that enabled large-scale credential theft across nearly 100 countries by lowering the technical barriers for cybercriminals.

Microsoft recently led a coordinated global takedown of Raccoon0365, seizing hundreds of domains and disrupting its infrastructure. The operation highlights both the growing sophistication of phishing campaigns and the importance of intelligence-led, collaborative defence in combating cybercrime at scale.

Ro'ya Hatamleh, Security Cloud Commercial Solutions, EMEA HQ – Middle East and Africa at Microsoft, spoke to Sandhya D'Mello, Technology Editor, CPI Media Group, about how the PhaaS model works, why cloud-first regions such as the Middle East face heightened risk, and how organisations can defend themselves against Al-driven phishing through strong identity security, Zero Trust principles, and continuous awareness.

Interview excerpts:

How does the phishing-as-a-service model like Raccoon0365 work, and why is it so powerful?

Raccoon0365 is a prime example of phishing-as-a-service (PhaaS), essentially a criminal subscription model. Even attackers with minimal technical skills can run large-scale phishing campaigns simply by paying a subscription fee. Once subscribed, they gain access to ready-made tools, templates, and email kits that mimic Microsoft 365 login pages, complete with convincing branding.

What makes it powerful are three key points:

• Scalability & Automation: Our investigation showed that Raccoon0365 could target up to 9,000 email addresses per day. Since July 2024, it was used to steal over 5,000 user credentials across 94 countries.