Forg365 Microsoft 365 phishing is a new and serious threat to businesses of every size. Cybersecurity researchers disclosed a sophisticated new phishing-as-a-service platform today that specifically targets Microsoft 365 accounts using artificial intelligence. Furthermore, it combines multiple attack methods to steal credentials even from users who have enabled two-factor authentication. Here is how it works and how to stay protected.
What Is the Forg365 Microsoft 365 Phishing Platform?
Forg365 is a commercial phishing kit sold to cybercriminals. Specifically, it targets the world’s most widely used business productivity platform. According to BleepingComputer, Forg365 is a new phishing-as-a-service operation that focuses on stealing Microsoft 365 accounts by combining adversary-in-the-middle (AiTM) and device code methods with AI-assisted lure generation.
Furthermore, the platform automates the most labour-intensive parts of a phishing campaign. Specifically, AI generates convincing fake emails tailored to the target organisation. As a result, victims receive highly personalised phishing messages that are far harder to spot than generic spam.
How Forg365 Bypasses Two-Factor Authentication
The AiTM technique is what makes Forg365 especially dangerous. Traditionally, two-factor authentication stops most phishing attacks. However, adversary-in-the-middle attacks sit between the victim and the real Microsoft login page.
Specifically, the platform intercepts the session cookie after the victim successfully logs in and completes their two-factor check. Therefore, the attacker captures a valid authenticated session without ever needing the victim’s password or second factor. Consequently, accounts with MFA enabled are still vulnerable to this method.
The AI-Assisted Lure Generation Threat
The second innovation is the use of AI to craft phishing lures. Historically, phishing emails were easy to spot due to poor grammar and generic messaging. However, Forg365 changes that entirely.
Specifically, AI generates emails that mimic the exact tone, format, and branding of legitimate Microsoft communications. Furthermore, the platform can tailor messages to specific job roles, departments, or recent company events. As a result, even security-aware employees can be fooled.
Who Is Most at Risk
Forg365 Microsoft 365 phishing targets businesses, not just individuals. Specifically, any organisation using Microsoft 365 for email, Teams, SharePoint, or OneDrive is a potential target. Furthermore, small and medium businesses without dedicated security teams are especially vulnerable.
Additionally, the platform is sold as a service, meaning many different criminal groups can deploy it simultaneously. Consequently, the scale of attacks using this toolkit could grow rapidly.
How to Protect Your Microsoft 365 Account
Several steps can significantly reduce your risk. First, enable phishing-resistant MFA, specifically hardware security keys or passkeys, rather than SMS or app-based codes, since those remain vulnerable to AiTM attacks.
Second, train employees to verify unexpected login requests directly through official channels. Third, enable Microsoft’s Conditional Access policies, which can detect and block suspicious authentication attempts. Fourth, monitor your account sign-in logs for unfamiliar locations or devices. As CISA recommends, organisations should assume that phishing attempts will occasionally succeed and focus on limiting what attackers can do afterward.
This article covers ongoing security threats. Consult official vendor advisories and apply security updates promptly.
You may be interested in this article: Travel Phishing Scam Surge 122%; How to Spot Fake Booking Sites this Summer.