The Caesar's Cipher Connection: Phishing-As-A-Service Goes Ancient
Roman encryption exploited in 890,000 deceptive email attempts
In the ever-evolving world of cybercrime, phishing attacks remain a persistent threat. Gone are the days of embarrassing "dear winner" emails and Nigerian royalty solicitations. Today's phishing schemes, empowered by AI, have become increasingly sophisticated and much harder to resist. What's more alarming is the use of phishing-as-a-service (PhaaS) platforms, which streamline the creation and deployment of attacks.
According to a report by threat researchers at Barracuda Networks, revealed in March 2025, these attacks are megawatt in numbers. January and February alone saw over a million Phishing attempts – a concerning truth for both consumers and organizations alike. If that number doesn't keep you up at night, consider this: Tycoon 2FA, a predominant PhaaS platform, accounted for 89% of these attacks.
A closer investigation by Barracuda Networks revealed that Tycoon 2FA has been upgrading its scripts to evade detection by defenders. To do so, these scripts are encrypted using a shifting substitution cipher, a simple yet effective encryption method that traces back to Julius Caesar, the infamous Roman emperor.
This encryption technique, known as the Caesar Cipher, is responsible for several processes, including the theft of user credentials and their exfiltration to the attackers' controlled servers. While the Caesar Cipher may seem rudimentary, it effectively thwarts defenders' attempts to analyze and detect phishing pages.
890,000 phishing attacks can't be dismissed as just another day in the cybersecurity field. As PhaaS platforms like Tycoon 2FA continue to evolve, it's crucial to stay vigilant and well-informed about the latest tactics cybercriminals use to dirty their hands in your digital life.
- The encryption method used by Tycoon 2FA, a prominent phishing-as-a-service (PhaaS) platform, is the Caesar Cipher, a shifting substitution cipher that dates back to the Roman emperor, Julius Caesar.
- In the vast number of phishing attacks revealed by a Barracuda Networks report in March 2025, over 89% were traced back to Tycoon 2FA, demonstrating the significance and effectiveness of the Caesar Cipher in these modern cyber attacks.
- Despite being an ancient encryption technique, the Caesar Cipher plays a crucial role in the mechanisms of today's phishing attacks, aiding in the theft of user credentials and their exfiltration to attackers' controlled servers.
