This new email scam bypasses 2FA and steals your identity

According to a recent report by SlashNext on a new phishing kit called “Astaroth,” those “verify your account” emails lurking in your inbox just became significantly more dangerous. These emails, often appearing to be from legitimate sources like Google or Microsoft, typically request you to sign in due to a vague security concern. Clicking on the included links, however, can now have severe consequences.

Astaroth, a $2,000 phishing kit, is designed to compromise login credentials, 2FA codes, and session cookies through a sophisticated man-in-the-middle attack deployed on infected devices, effectively bypassing 2FA. This is not a simple scam; it’s a highly advanced operation capable of capturing sensitive information in real time. For more details, refer to the SlashNext report.

How This Email Nightmare Works

It starts innocently enough – you get an email that looks legitimate (and these days, they really do look legitimate). Maybe it’s telling you your Outlook password is about to expire, or that someone tried to sign into your Gmail account. You click the helpful “verify here” button and boom – you’re looking at what appears to be a legitimate Google, Microsoft, or Yahoo login page. Except it’s not. It’s actually a clever man-in-the-middle attack that’s about to ruin your day.

The truly terrifying part? This new attack uses…
