Cyberthreats evolve almost daily, and for a while now, a stealthy phishing kit called Tycoon 2FA has been making headlines. This phishing-as-a-service (PhaaS) platform poses a significant threat to Microsoft 365 and Gmail users. You may have seen this as an increase in phishing emails with attachments that, if clicked, lead you to a phishing page. These look-alike phishing pages then ask you to enter your security or log-in credentials. It’s a sneaky, stealthy, and sophisticated attack.  

Like anything else though – the more you know about it, the more aware you’ll be to these potential threats. Let’s dive into how these attacks work, their evolution, and what you can do to stay safe.