The Phishing-as-a-Service Economy is Thriving

KnowBe4 Team | Feb 5, 2026

Commodity phishing platforms are now a central component of the cybercriminal economy, according to researchers at Flare. These platforms allow threat actors of all skill levels to carry out advanced attacks at scale.

“Modern kits often include advanced features such as reverse proxy, real-time MFA bypass, dynamic logo replacement, bot detection, Telegram exfiltration, and automated victim tracking, making them one of the most widely used and scalable tools in the cybercrime ecosystem,” Flare says.

“A newer evolution of this model is Phishing-as-a-Service (PhaaS), where operators sell subscriptions to ready-made phishing infrastructures, so customers never touch the underlying code. Such service often includes hosting services, lures, dashboards, and automatic updates. This turns phishing into a scalable, low-skill, high-impact service economy, dramatically increasing the volume and sophistication of global phishing campaigns.”

Users need to be made aware of evolving social engineering techniques, since these advanced attacks are becoming the norm.

“The intelligence here about sophisticated phishing kits shows that user training must evolve,” the researchers write. “Telling users ‘check the URL bar’ is no longer sufficient when kits can spoof the browser window convincingly.

“Security awareness programs should include examples of AiTM and BitB and advise things like ‘If an MFA prompt or login appears at an unusual time, be skeptical even if it looks normal.’ Also emphasize the use of password managers, since they can be a backstop against fake forms. To better train your organization against the latest phishing tricks (like QR code phishing, AiTM, BitB windows), incorporate them into phishing simulations for employees, to inoculate them somewhat and measure risk.”

AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

Flare has the story.
