If cybercrime sounds like something that only happens to big corporations, think again. This month, Microsoft announced it seized 340 domains used by a growing “phishing-as-a-service” operation called Raccoon0365. This was not your typical lonely hacker at home. Raccoon0365 sold fake login templates for Microsoft accounts and offered a subscription model, making it frighteningly easy for anyone to launch a convincing attack.
Most attacks ran through a private Telegram channel with over 850 paying subscribers. That is a huge customer base by cybercrime standards. For as little as a few hundred dollars, nearly anyone could mimic a trusted company and harvest credentials from thousands of unsuspecting people. Since last year, the operators reportedly raked in over $100,000 in cryptocurrency and targeted more than 2,300 organizations with tax season scams in just two weeks.
Table of Contents
Cybercrime Is Now a Subscription Business
What should concern everyone is how easily Raccoon0365 made cyberattacks scalable. Old-school phishing campaigns took expertise. Today, you just pay for a kit and follow instructions. No technical skill required. Every time people enter their Microsoft credentials on a spoofed site, attackers get another set of keys. Once inside, they can steal data, plant malware, or sell access to other criminals.
According to Microsoft’s filings, health sector targets were a favorite. At least 25 healthcare organizations were attacked and five admitted their credentials had been harvested. The broader risk is crystal clear. If a cybercriminal gets an admin password for a hospital or insurance provider, the results can be catastrophic.
What you can do
If you manage online accounts, think carefully before clicking links, even from people or companies you trust. Use multi-factor authentication wherever possible. Microsoft’s case proves that companies are getting better at disruption, but cybercriminals are finding smarter ways to automate attacks. The fight moves fast and the risks are not just for IT staff. They are for every user and every business, every day.
