Double check your Microsoft 365 and Google accounts - this VoidProxy phishing service is hitting them hard

• VoidProxy is a new phishing-as-a-service platform targeting Microsoft 365 and Google accounts
• Attacks begin from compromised email addresses and use fake login pages hosted on disposable domains
• Phishing kits now include automation, support, and GenAI-enhanced content, making campaigns more convincing and harder to detect

Cybercriminals are using a brand new phishing-as-a-service (PhaaS) platform called VoidProxy to steal people’s Microsoft 365 and Google accounts, including those defended by two layers of protection according to security researchers Okta, who spotted one of these campaigns recently, and described them as sophisticated and evasive.

A PhaaS kit is a ready-made solution that can be bought, or rented, even by non-technical, low-skilled cybercriminals, to launch successful phishing campaigns.

It’s essentially a plug-and-play solution for digital fraud, which includes fake website templates, email and SMS spoofing tools, a data harvesting backend, and various customization options. In some cases, the kits ...