The Tycoon Phishing Group

Reza Rafati
The Tycoon Phishing Group
Estimated read time 1 min read

The Tycoon Phishing group operates on Telegram and is active in providing phishing services. The group has created a phishingkit that allows the usage of different types of branded templates1.

Tycoon Phishing Group Phishing Page mimicking Microsoft Live
Tycoon Phishing Group Phishing Page mimicking Microsoft Live

Some of them are:

  • Onedrive
  • Microsoft Live
The Tycoon Phishing Group - Picture taken from their Telegram group.

Sekoia.io reported on their X stream that the phishingkit resembles the Dadsec phishingkit.

Dadsec phishingkit - picture by Sekoia.io
Dadsec phishingkit – picture by Sekoia.io

The group is currently active on Telegram2 and they have their website hosted at tycoongroup[.]ws with Cloudflare security3 being enabled.

Protected by Cloudflare
Protected by Cloudflare
  1. https://urlscan.io/search/#filename%3A(%22pages-godaddy.css%22%20AND%20%22pages-okta.css%22) ↩︎
  2. https://t.me/tycoon_2fa_Link ↩︎
  3. https://www.virustotal.com/gui/ip-address/188.114.97.0/relations ↩︎
Think This Is Crucial Info? Share to Inform Others!
Avatar for Reza Rafati
Reza Rafati https://cyberwarzone.com

Reza Rafati, based in the Netherlands, is the founder of Cyberwarzone.com. An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.

You May Also Like

More From Author

+ There are no comments

Add yours