Scam Radar

How can you recognize Forg365 PhaaS: AI Powered Phishing Platform Targets Microsoft 365 Accounts?

Published

Listen to the episode

TLDR

A new phishing as a service platform called Forg365 is helping scammers steal Microsoft 365 credentials using adversary in the middle (AiTM) proxies and Microsoft device code authentication flows, combined with AI generated lures. Sold to...

How it works

A new phishing as a service platform called Forg365 is helping scammers steal Microsoft 365 credentials using adversary in the middle (AiTM) proxies and Microsoft device code authentication flows, combined with AI generated lures. Sold to...

Red flags

  • : Unexpected Microsoft 365 login prompts or device code approval requests you did not personally initiate Sign in emails with links that look legitimate but redirect through unknown proxy servers Microsoft security alerts for sign ins from unfamiliar locations, IPs, or browsers

What to do

  1. 1: Enable multi factor authentication using an authenticator app and avoid SMS based codes where possible Never approve a Microsoft device code sign in request you did not personally trigger
  2. 2cancel and change your password if one appears unexpectedly Report suspicious M365 prompts to your IT admin and review recent sign in activity in your account security page

Source

FAQ

Is Forg365 PhaaS: AI Powered Phishing Platform Targets Microsoft 365 Accounts a real scam pattern?

Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.

What are the first warning signs?

: Unexpected Microsoft 365 login prompts or device code approval requests you did not personally initiate Sign in emails with links that look legitimate but redirect through unknown proxy servers Microsoft security alerts for sign ins from unfamiliar locations, IPs, or browsers

What should I do first?

: Enable multi factor authentication using an authenticator app and avoid SMS based codes where possible Never approve a Microsoft device code sign in request you did not personally trigger; cancel and change your password if one appears unexpectedly Report suspicious M365 prompts to your IT admin and review recent sign in activity in your account security page

Can LegalAudit check my case?

Yes. Start a free chat and paste the message, link, sender, or payment details for triage.