One of the world’s largest online phishing platforms, Tycoon 2FA, has been dismantled following a coordinated operation led by Europol and Microsoft, affecting over 96,000 victims, including nearly 500 in Belgium.
The platform provided hackers with ready-made tools to target individuals, businesses, and organisations using Microsoft Office/365 or Gmail.
It specialised in bypassing multi-factor authentication (MFA), a security measure that relies on codes sent via SMS or email for added protection.
Active since August 2023, Tycoon 2FA catered to users with minimal technical expertise and offered phishing services on apps like Telegram and Signal for around €104.37.
According to Microsoft, the platform caused more than 96,000 victims globally, nearly 500 of whom were based in Belgium.
Over 500,000 organisations were targeted monthly, including hospitals, research institutions, and public authorities. Microsoft estimates that in November 2025, the platform facilitated the sending of over 30 million phishing messages.
The dismantling was executed by Europol in partnership with Belgium’s Federal Computer Crime Unit, as well as police forces from Latvia, Lithuania, Portugal, Poland, Spain, and the UK.
Arrests linked to Tycoon 2FA took place in Egypt and Nigeria, with its developer identified in Pakistan.
As part of the operation, Microsoft pursued legal action to seize 330 domains, effectively disconnecting the phishing network’s central infrastructure.
