The Dark Side of Phishing as a Service: An Emerging Threat to Your Cybersecurity – 2023

Phishing has long been a prevalent cyber threat, with malicious actors constantly developing new ways to deceive their targets and steal valuable information. One emerging trend that has caused even greater concern is the rise of Phishing as a Service (PhaaS), a phenomenon that enables cybercriminals to launch sophisticated phishing campaigns with ease. These services are sold on various platform including telegram, darkweb and other sources.

In this article, we will explore the dark side of PhaaS, its growing threat to cybersecurity, and discuss strategies to protect against these attacks.

Understanding Phishing as a Service (PhaaS)

What is Phaas?

PHAAS (Phishing as a Service) is a type of cybercrime service where attackers offer phishing attack services to other cybercriminals on a subscription or pay-per-use basis. The PHAAS provider typically provides the infrastructure, tools, and resources needed to carry out a phishing attack, such as hosting the phishing website, creating phishing emails, and harvesting stolen credentials.

In the past, launching a successful phishing campaign involved a diverse range of skills, but the advent of Phaas has revolutionized the process, making it accessible even to those with limited experience. This has also opened up a new revenue stream for hackers who can now offer phishing attack services to others.

Credentials theft
Credentials theft

How Phaas Works?

In past, vendors were advertising about the services on darknet but I recent days we could see them searching for customers even on the regular internet.

When a customers is interested in such subscription he buys the phishing kit from vendor which may vary in price depending on the vendor and the capability of the phishing kit the customer needs. There are discounts and deals on the same.

The Phishing as a service kit provides cybercriminals with all the necessary tools and resources to conduct successful phishing campaigns. The resources include email templates, fake website templates, lists of potential targets, detailed instructions, and even customer support.

PhaaS allows less experienced users to carry out attacks without requiring in-depth technical knowledge, making it an increasingly popular choice for cybercriminals.

Why is Phaas a threat to Organization?

In the FBI’s 2022 Internet crime report, phishing schemes were the number one crime type with 300,497 complaints and 323,972 cases in 2021. Phishing is the fastest growing criminal activity on the internet till date which includes all the form of phishing attacks.

Phishing as a service opens door to anyone who wants to be a cybercriminal as no technical knowledge is needed to launch a phishing campaign due to the introduction of Phaas.

The Rise of Subscription-based Phishing/ Phishing-as a service Caffeine

Subscription-based phishing models have become more prevalent as they offer cybercriminals an easy and efficient way to conduct their malicious activities. These models provide a continuous stream of new phishing techniques and tools, allowing attackers to stay up-to-date with the latest trends and maximize their chances of success.

The rise of subscription-based phishing models highlights the ongoing threat of phishing attacks, and underscores the importance of implementing strong security measures, such as anti-phishing software, employee training and awareness programs, and multi-factor authentication, to help prevent these types of attacks.

Phishing as a service
Phishing as a service

The Growing Threat of PhaaS

1. Sophisticated Phishing Techniques

PhaaS providers are constantly developing new and sophisticated phishing techniques to deceive their targets. This includes the use of social engineering tactics, personalized emails, and advanced spoofing methods. As a result, it becomes increasingly difficult for individuals and organizations to identify and avoid phishing attacks.

These include targeted phishing attacks that are tailored to specific individuals or organizations, using information obtained through social engineering tactics or data breaches. The attackers may use personalized messages or spoofed email addresses to trick their victims into divulging sensitive information or clicking on malicious links.

Attackers may pose as trusted colleagues or external partners to trick their victims into divulging login credentials, wire transfers, or other sensitive information.

Attackers may send messages posing as a legitimate organization, such as a bank or government agency, and provide a link to a fake website or malware-infected app.

2. The Phishing-as a Service Evilproxy

“Phishing-as-a-Service EvilProxy” is not a well-known or commonly used term in the cybersecurity industry. However, it is possible that it refers to a specific instance or variant of a phishing attack that leverages a proxy server to make the attack more effective.

A proxy server is a server that acts as an intermediary between a client device and the internet. In the context of a phishing attack, a proxy server can be used to hide the attacker’s identity and make it more challenging to detect the attack. It can also be used to redirect the victim to a fake website that mimics a legitimate one, making it easier to steal their credentials or sensitive information.

3. The Proliferation of PhaaS and COVID-19

The COVID-19 pandemic has presented an opportune environment for PhaaS providers as a result of the increased number of people working remotely and conducting business online. This surge in online activity has made individuals more susceptible to phishing attacks, which cybercriminals have capitalized on by launching COVID-19-related phishing attacks. These attacks exploit people’s fears and uncertainties surrounding the virus, creating a perfect opportunity for attackers to exploit their victims.

Attackers often use emails or messages that appear to offer critical information on COVID-19, like updates on infection rates or vaccine availability, as a guise for their attacks. These messages can have malevolent links or attachments that, upon being clicked, can infect the target’s device with malware or enable the attacker to steal their login credentials.

4. The Cost of Phishing Attacks

Phishing attacks can have severe financial consequences for both individuals and organizations. On average, phishing attacks cost enterprises nearly $15 million USD annually. With the growing accessibility of PhaaS, these costs are only expected to increase in the coming years.

Whereas the Phishing-as a service price begin at only $40 and vendors also provide discount on these phishing-as a service kits.

The Role of AI and Machine Learning in Phishing

1. ChatGPT and Phishing

AI-powered tools like ChatGPT have made phishing attacks even more accessible and effective. With the ability to generate human-like text, these tools can create convincing phishing emails that are difficult to distinguish from legitimate communications. This increases the likelihood of targets falling for phishing schemes, making it an attractive option for cybercriminals utilizing PhaaS platforms.

ChatGPT and Phishing

2. AI-powered Email Gateways

As phishing techniques evolve, so do the defensive measures against them. AI-powered email gateways, which leverage machine learning and behavioral analysis, are now being used to identify and block phishing emails more effectively. This proactive defense helps protect organizations from the growing threat of PhaaS.

While AI and ML have proven to be effective in detecting and preventing phishing attacks, they are not foolproof. Attackers have also started using these technologies to create more sophisticated and convincing phishing attacks. For instance, they can leverage machine learning algorithms to produce highly personalized phishing emails that are tailored to their targets’ interests. This makes it more challenging to identify and thwart such attacks, even with the use of AI and ML technologies.

Phishing Defense Strategies

1. Security Awareness Training

Knowledge is the best defense against phishing attacks. Staying informed about the latest developments in the phishing landscape and understanding how to identify and avoid these threats is crucial. Security awareness training, which can be complemented by phishing simulations, helps educate users on how to recognize and respond to phishing attempts.

2. Phishing Simulations

Phishing simulations, like Deloitte’s Phishing as a Service (Ph), are an effective way to test employees’ ability to recognize phishing emails and measure the effectiveness of security awareness training. These simulations send harmless phishing emails to employees and monitor their responses, providing valuable insights into potential vulnerabilities and areas for improvement.

You can also run phishing attack simulations on your own by following our guide on how to design a phishing attack simulation in PhishGrid the phishing attack simulation platform.

Layered Security Approach

A layered security approach combines multiple tactics to thwart attacks and mitigate cyber risk. Some key components of this approach include:

1. Cloud App Security

Cloud app security solutions help protect organizations from threats associated with cloud-based applications, which can be exploited by cybercriminals using PhaaS. These solutions provide visibility and control over cloud app usage, ensuring a secure and compliant environment.

Cloud App Security

2. Secure Web Gateway (SWG)

SWG solutions inspect traffic between employees and the internet, using machine learning to identify and block spoof websites that can be used in phishing attacks. By preventing access to malicious websites, SWGs help protect users from inadvertently disclosing sensitive information to cybercriminals.


What is Phishing as a Service (PhaaS)?

Phishing as a Service is a subscription-based model that provides cybercriminals with the tools and resources necessary to conduct successful phishing campaigns. It allows less experienced users to carry out attacks without in-depth technical knowledge.

How has the COVID-19 pandemic affected the growth of PhaaS?

The COVID-19 pandemic has led to an increase in phishing attacks, partly due to the rise in remote working and reliance on digital communication. Cybercriminals have capitalized on the situation by using PhaaS platforms to launch targeted attacks, exploiting fears and anxieties related to the pandemic.

How can organizations protect themselves from PhaaS-generated attacks?

Organizations can protect themselves by adopting a layered security approach that includes measures such as Heimdal Email Security, security awareness training, phishing simulations, cloud app security, and secure web gateways.

What role does AI play in phishing attacks?

AI-powered tools like ChatGPT can generate convincing phishing emails that are difficult to distinguish from legitimate communications. This makes phishing attacks more accessible and effective for

What extent is phishing-as a service is a threat?

Phishing-as-a-Service (PhaaS) is a significant threat to organizations worldwide. The ease with which even non-technical criminals can launch phishing attacks with minimal effort and investment has led to a proliferation of phishing campaigns.


Phishing as a Service is a growing threat to cybersecurity, enabling cybercriminals to launch sophisticated and highly targeted attacks with relative ease. By understanding the risks associated with PhaaS and adopting a layered security approach, individuals and organizations can protect themselves from the evolving landscape of phishing attacks.

Lichumon is an enthusiastic SOC Analyst with a keen interest in exploring the complexities of the dark web and human risk factors in cybersecurity. Despite being early in his career, his eagerness to learn and adapt sets him apart. Balancing vigilance and curiosity, Lichumon navigates the ever-evolving cyber threat landscape with a sense of determination and commitment to continuous learning.