Criminals Pay $10 to Hack You: Identity-Based Threats Hit Record High - 1

Image by Furkan Elveren, from Unsplash

Criminals Pay $10 to Hack You: Identity-Based Threats Hit Record High

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

The eSentire research team warns that cheap phishing kits, combined with info-stealers, enable cybercriminals to conduct identity-based attacks to record highs.

In a rush? Here are the quick facts:

  • 59% of cyber incidents in Q1 2025 were identity-related.
  • Tycoon 2FA phishing kits cost just $200–300/month.
  • BEC attacks now make up 41% of all cyberattacks.

The number of cyberattacks focusing on user identities increased by 156% during the previous year because hackers now primarily target login credentials. Security researchers at eSentire indicate that identity-driven threats makeup 59% of all incidents they investigate.

The primary factors driving this increase? PhaaS (Phishing as a Service) platforms like Tycoon 2FA, together with info-stealing malware, operate as the main causes of this rise. The tools enable criminals to take control of user accounts and create substantial recovery expenses for businesses.

“Tycoon 2FA has emerged as the dominant phishing tool since hitting the shelves in 2023,” eSentire explained, as reported by The Record . For just $200-300 per month, criminals get realistic phishing pages for Microsoft 365 and Google Workspace, plus tools to bypass multi-factor authentication (MFA). “The technical sophistication of these services rivals that of legitimate security tools,” eSentire added in the report.

The main security threat in the business world stems from Business Email Compromise (BEC) schemes. The attackers use Tycoon 2FA to create fake login pages, which they use to deceive finance staff. The attackers steal login credentials to track email communications before locating important financial documents and redirecting payment transfers to their criminal bank accounts.

BEC attacks and email takeovers increased by 60% between the previous year and Q1 2025, to become the leading attack type at 41% of total incidents. The less well-known BEC attacks result in financial losses that reach into the billions for businesses.

The purchase of logs from info-stealers costs criminal operators between $10 and $100. The stolen credentials from infected devices amount to dozens of entries, which can be used for basic identity attacks.

“The ROI for identity-based attacks far exceeds that of traditional malware,” eSentire warned, urging companies to adopt phishing-resistant tools like passkeys and invest in monitoring and rapid response.

“Organizations can either proactively transform their security architectures to address identity-centric threats, or they can continue operating with obsolete security programs until a successful attack forces reactive changes under crisis conditions,” the security report concluded.

Google Faces Antitrust Complaint In The EU Over AI Overviews - 2

Photo by Mitchell Luo on Unspash

Google Faces Antitrust Complaint In The EU Over AI Overviews

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Sarah Frazier Former Content Manager

Google’s parent company, Alphabet, has been hit with an antitrust complaint in the European Union over its AI Overview tool. An organized group, the Independent Publishers Alliance, submitted the complaint to the European Commisssion, alleging that Google is abusing its dominance in online search.

In a rush? Here are the quick facts:

  • Alphabet has been hit by an antitrust complaint in the EU.
  • The Independent Publishers Alliance issued a complaint against Google’s AI Overviews.
  • Publishers claim the AI summaries can cause significant harm to their businesses.

Google’s move has sparked concerns among publishers. The Independent Publishers Alliance filed the complaint on June 30.

“Google’s core search engine service is misusing web content for Google’s AI Overviews in Google Search, which have caused, and continue to cause, significant harm to publishers, including news publishers in the form of traffic, readership and revenue loss,” states the document, as reported by Reuters.

The publishers claim that Google’s placement of its AI Overviews tool, at the top of the search results uses content developed by them and negatively impacts the visibility and traffic of their original content.

“Publishers using Google Search do not have the option to opt out from their material being ingested for Google’s AI large language model training and/or from being crawled for summaries, without losing their ability to appear in Google’s general search results page,” explained the publishers in the complaint.

Google said it disagrees with the publishers’ claims. The tech giant stated that it send billions of clicks to publishers’ websites every day.

“New AI experiences in Search enable people to ask even more questions, which creates new opportunities for content and businesses to be discovered,” said spokesperson from Google to Reuters. “The reality is that sites can gain and lose traffic for a variety of reasons, including seasonal demand, interests of users, and regular algorithmic updates to Search.”

Another organization that includes multiple advertisers and publishers, Movement for an Open Web, also signed the Independent Publishers Alliance’s complaint.

Last week, Cloudflare announced Pay Per Crawl , a new system that allows publishers to charge AI bots for access to their content.