These days, the cybercrime ecosystem functions more and more like a subscription-based technology sector. Similar to the "as-a-service" model of legitimate cloud services, crime-as-a-service (CaaS) solutions allow inexperienced attackers to rent the resources and access they need to carry out attacks.
Cybercrime networks advertise scalable, on-demand services and pay-per-use models.
Although affiliate programs (RaaS) have long been used by ransomware gangs, nearly every aspect of online crime is now offered for a fee. In this blog, we discuss five ways cybercrime has shifted to a subscription-based business model, with notable differences from earlier practices.
1. Phishing-as-a-service keeps adding features
Phishing-as-a-service (PhaaS) has transformed email scams from DIY operations into polished subscription services. Traditionally, a cybercriminal needed to assemble phishing pages, mailer scripts, and mailing lists by themselves or buy a one-time phishing kit.
Today, there are turnkey phishing platforms that handle everything from creating convincing pages to sending bulk emails, all for a recurring fee. Some underground developers even integrate AI to supercharge phishing.
For example, SpamGPT is an AI-powered spam-as-a-service tool that automates the production of phishing emails, cracking of email accounts, and maximization of delivery rates, essentially offering marketing-grade campaign tools to criminals. This means a would-be phisher can launch a professional-looking campaign with minimal effort.
SpamGPT — AI-driven phishing campaign builder
Another innovation is the rise of malicious document builders like MatrixPDF, which turn ordinary PDFs into weaponized lures (adding fake login overlays, redirects, etc.) to slip past email filters. Criminal groups are selling these services and kits on subscription, complete with user guides and even customer support.
It’s a far cry from the old days of copying phishing HTML from Pastebin. PhaaS subscribers receive regular updates to their kits, anti-detection tweaks, and technical help through their subscription. The result? Even attackers with zero web development skills can continually deploy updated phishing schemes by simply paying a subscription, showing how phishing has evolved into a service that continually adapts and improves.
... continue reading