For the price of a used laptop, a nobody can flood your team with flawless, custom fakes aimed at your Microsoft logins. Here is how it works, and how to shut your own doors first.
Save My Seat →Thursday, July 9, 2 PM ET. No charge, no pitch.
The problem: A criminal no longer needs any skill to run a slick phishing scam. For about six hundred dollars they rent an AI kit that writes a fresh, personalized fake for every target and goes straight for your Microsoft 365 logins. Your spam filter never sees the same thing twice.
The solution: You can't stop the kit from existing, but you can shut the doors it walks through. In a live Insider Session I will show you how these get in, and exactly what to fix first, in plain English.
In this article
Think of it as a scam factory you rent by the month. Sold quietly in the corners of the internet, the kit does all the hard work a skilled crook used to do by hand. The renter picks a target list, and the AI writes each person a custom email that sounds like it came from their own bank, their own coworker, or their own vendor.
Because every email is freshly written, the spam filter never sees the same thing twice. In one batch researchers looked at, no two fakes were alike. These attacks have jumped about 1,380 percent, the kits rent for between $600 and $1,500, and they are built to slip past the usual protections, even the extra login codes a lot of offices lean on.
For years, a good scam took a skilled crook real effort. That was your protection, even if you never knew it. The bad ones were sloppy and easy to laugh off. That floor just fell out. For the price of a used laptop, a nobody can send a flood of polished, custom fakes, each one aimed at a specific person at a specific company.
This wave goes straight for Microsoft 365 logins, the accounts most businesses run on. One fooled employee, one stolen login, and the crook is inside your email, your files, and your payroll. Having Microsoft 365 is not the same as being safe on it.
You can't un-invent the kit. But two things are squarely in your hands. The first is how your team judges a message. The old typo tells are gone, so stop judging the polish and judge the request instead. Anything pushing urgency, secrecy, a payment, or a password is the red flag, no matter how clean it looks.
The second is the doors on your own machines. A fooled employee is one way in. An unpatched program is another, and that one you can close before anyone knocks.
These messages are built in a lab to beat a busy human on a Tuesday afternoon. Expecting every employee to spot every one of them, every time, is not a plan. The plan is fewer open doors and one simple habit.
I have spent fifty years watching how these attacks work. FBI InfraGard, zero ransomware on any client I have worked with. And the scammers still got to my own father, with a cybersecurity expert for a son. If it can happen to him, it can happen to anyone, which is exactly why I made seeing your open doors simple.
No guesswork. Here is exactly what happens, three steps.
Thursday, July 9, 2 PM ET. Send the email and you are in.
✅ No charge, and nothing to buy on the call.
✅ It is not a pitch-fest. You will leave with real steps whether or not you ever buy a thing.
✅ Plain English. No jargon, and no talking down to you.
✅ Come live if you can, that is where I answer your questions. Saved a seat but can't make it? I'll send you the replay.
✅ If your setup is in good shape, I will tell you so. No scare tactics.
✅ Straight talk. I will show you what is "open" and "at risk," never "guaranteed."
Those help, and they are not enough against this. The kit writes a brand-new fake for every target, so the filter has nothing to match, and it is built to slip past texted login codes. The gap it aims for is a busy person and an open door, not your spam settings.
An hour now shows you where that gap is on your own machines. If you are already locked down tight, you will walk away knowing it.
The rented kits only get cheaper and smarter from here. You don't have to keep up with all of it. Spend one hour with me, walk away knowing exactly what to close first, and get back to running your business instead of guessing.
Save My Seat →Thursday, July 9, 2 PM ET. No charge, no pitch.
Want this kind of plain-English security news every week? Sign up for Craig's Insider Notes at CraigPeterson.com.
Join thousands of security professionals who receive Craig Peterson's Insider Show Notes and cybersecurity updates.
Join 10,000+ cybersecurity professionals