Signal

Global Coalition Dismantles Tycoon 2FA Phishing Platform

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-03-04 11:00 UTCUpdated 2026-03-05 13:34 UTC

redditrss

regulationcyberscoop_cso_online

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (7)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

Police dismantle major phishing platform blamed for attacks on hospitals and schools

The Record (Recorded Future News) · News · therecord.media · 2026-03-05 12:46 UTC

Authorities pull plug on Tycoon 2FA phishing-as-a-service platform

Help Net Security · News · helpnetsecurity.com · 2026-03-05 08:37 UTC

Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks

thehackernews · News · thehackernews.com · 2026-03-05 06:51 UTC

Microsoft leads takedown of Tycoon2FA phishing service infrastructure

CSO Online · News · csoonline.com · 2026-03-05 02:34 UTC

View all evidence

Overview

A global coalition led by Microsoft and Europol has dismantled the Tycoon 2FA phishing platform, a significant threat that allowed cybercriminals to bypass multifactor authentication. The operation resulted in the seizure of 330 domains and involved law enforcement from multiple countries.

Entities

MicrosoftEuropolCloudflareCoinbaseIntel471ProofpointShadowserver FoundationSpyCloud

Score total

2.12

Momentum 24h

7

Posts

7

Origins

7

Source types

2

Duplicate ratio

0%

Why now

The operation comes at a time when phishing attacks are on the rise globally.
Dismantling Tycoon 2FA is crucial to prevent further exploitation of MFA vulnerabilities.
The recent surge in phishing incidents necessitated immediate action from law enforcement.

Why it matters

The takedown of Tycoon 2FA significantly disrupts phishing operations globally.
It highlights the effectiveness of international cooperation in combating cybercrime.
The operation protects organizations from a major threat to their security infrastructure.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

Tycoon 2FA was responsible for tens of millions of phishing messages reaching over 500,000 organizations monthly.
The takedown operation involved law enforcement from six countries and 11 security firms.

How sources frame it

Europol And Security Experts: neutral

Recent global efforts have successfully dismantled the Tycoon 2FA phishing platform, a significant threat in the cybersecurity landscape.

All evidence

All evidence

M365 Account Takeover Without Credential Theft: Surge in OAuth Phishing

malware · reddit.com · 2026-03-05 13:34 UTC

Police dismantle major phishing platform blamed for attacks on hospitals and schools

The Record (Recorded Future News) · therecord.media · 2026-03-05 12:46 UTC

Authorities pull plug on Tycoon 2FA phishing-as-a-service platform

Help Net Security · helpnetsecurity.com · 2026-03-05 08:37 UTC

Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks

thehackernews · thehackernews.com · 2026-03-05 06:51 UTC

Microsoft leads takedown of Tycoon2FA phishing service infrastructure

CSO Online · csoonline.com · 2026-03-05 02:34 UTC

Global coalition dismantles Tycoon 2FA phishing kit

CyberScoop · cyberscoop.com · 2026-03-04 22:32 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 6Origin domains: 6Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 6 / 0

Top publishers (this list)

malware (1)
The Record (Recorded Future News) (1)
Help Net Security (1)
thehackernews (1)
CSO Online (1)
CyberScoop (1)

Top origin domains (this list)

reddit.com (1)
therecord.media (1)
helpnetsecurity.com (1)
thehackernews.com (1)
csoonline.com (1)
cyberscoop.com (1)