Microsoft disrupts RedVDS, a subscription service tied to AI-powered phishing and BEC attacks

March 21, 2026 | 2 min read | 2 sources

Microsoft says it has taken down RedVDS, a cybercrime subscription service accused of enabling phishing, business email compromise (BEC), account takeover and other fraud campaigns that have cost victims millions.

According to reporting by Infosecurity Magazine, RedVDS operated as a criminal service platform sold to other threat actors. Microsoft linked the operation to AI-assisted attack workflows that helped customers create more convincing phishing lures and scale fraud activity. The company said the service was used in schemes targeting both individuals and organizations.

While the available reporting does not name specific victims or list technical indicators, the case fits a wider pattern: cybercrime groups are packaging infrastructure, templates and automation into rentable services that lower the skill needed to run effective scams. In RedVDS’s case, the use of AI appears to have improved the quality and speed of phishing and BEC operations rather than introducing a new attack method.

The impact is significant because BEC remains one of the costliest forms of cybercrime. Once attackers steal credentials or gain access to a business email account, they can redirect invoices, change payment details or impersonate executives and suppliers. AI tools make those messages easier to tailor, harder to spot and faster to produce at scale.

For defenders, the takedown is useful but unlikely to end the threat. Criminal infrastructure often reappears under new domains or providers after disruption. Organizations should treat polished phishing emails and payment-change requests as high risk, especially when they create urgency. Basic controls still matter: phishing-resistant MFA, DMARC, out-of-band payment verification and tighter monitoring for suspicious inbox activity. Employees using public networks should also secure traffic with a VPN, though that will not stop email fraud on its own.

Microsoft’s move shows how major vendors are increasingly targeting the service layer of cybercrime, not just individual malware strains. As AI becomes a standard feature in fraud operations, takedowns like this may raise costs for attackers, but they will also need to be repeated often to have lasting effect.
