International operation dismantles global phishing-as-a-service platform

Source: Europol – europol.europa.eu Publication date: 4 March 2026 Official link: https://www.europol.europa.eu/media-press/newsroom/news/global-phishing-service-platform-taken-down-in-coordinated-public-private-action

Summary: Europol announced the dismantling of a major phishing-as-a-service platform known as “Tycoon 2FA”, used by thousands of cybercriminals to build fake login pages and steal access credentials. The operation, carried out through cooperation between law enforcement and the private sector, disrupted one of the most widespread global infrastructures for large-scale phishing campaigns.

How the scam works: The phishing-as-a-service model provides ready-made tools to imitate legitimate websites such as banks, cloud services, and corporate email portals. Criminals send fraudulent links by email or SMS, and when victims enter usernames, passwords, or one-time passcodes on the fake page, the data is immediately captured by the attackers. For example, a person may receive a message that appears to come from their bank with a link to “verify the account”: the website looks identical to the real one but is only designed to steal credentials.