Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

The Phishing-as-a-Service Economy is Thriving

KnowBe4 Team | Feb 5, 2026

Phishing Attacks Source of Identity-Related BreachesCommodity phishing platforms are now a central component of the cybercriminal economy, according to researchers at Flare. These platforms allow threat actors of all skill levels to carry out advanced attacks at scale.

“Modern kits often include advanced features such as reverse proxy, real-time MFA bypass, dynamic logo replacement, bot detection, Telegram exfiltration, and automated victim tracking, making them one of the most widely used and scalable tools in the cybercrime ecosystem,” Flare says.

“A newer evolution of this model is Phishing-as-a-Service (PhaaS), where operators sell subscriptions to ready-made phishing infrastructures, so customers never touch the underlying code. Such service often includes hosting services, lures, dashboards, and automatic updates. This turns phishing into a scalable, low-skill, high-impact service economy, dramatically increasing the volume and sophistication of global phishing campaigns.”

Users need to be made aware of evolving social engineering techniques, since these advanced attacks are becoming the norm.

“The intelligence here about sophisticated phishing kits shows that user training must evolve,” the researchers write. “Telling users ‘check the URL bar’ is no longer sufficient when kits can spoof the browser window convincingly.

“Security awareness programs should include examples of AiTM and BitB and advise things like ‘If an MFA prompt or login appears at an unusual time, be skeptical even if it looks normal.’ Also emphasize the use of password managers, since they can be a backstop against fake forms. To better train your organization against the latest phishing tricks (like QR code phishing, AiTM, BitB windows), incorporate them into phishing simulations for employees, to inoculate them somewhat and measure risk.”

AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

Flare has the story.

Topics: Phishing Cybercrime Human Risk Management

Access the World’s Largest Security Awareness Library

Explore over 1,000 interactive modules, videos, and games designed to sharpen user instincts and secure AI interactions. Get instant access to our Free Training Preview and find the perfect content to fortify your security culture.

Get Your Free Training Preview

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

KnowBe4 Team

ABOUT KNOWBE4 TEAM

The KnowBe4 Team delivers timely, expert-driven insights on cybersecurity trends, emerging threat intelligence, human risk and agent security best practices, compliance strategies and industry research to help organizations strengthen their digital defense layer and stay informed, resilient, and secure.

Read more from KnowBe4 »

Subscribe the KnowBe4 Blog

Posts By Topic

View All