Microsoft just pulled the plug on a major cybercrime service
Cybercriminals love convenience. If they can rent tools that help them scam people faster, they will. Microsoft just shut down one of those “crime subscription” services called RedVDS, which provided disposable virtual computers used for phishing, fraud, and other scams.
Translation: a lot of scammers woke up and suddenly couldn’t log into their fake computers anymore. Love that for them.
What was RedVDS?
RedVDS was basically a rental shop for criminals. For a cheap monthly fee, attackers could spin up temporary computers (virtual machines) and use them to:
- Send huge volumes of phishing emails
- Set up scam websites and fake login pages
- Steal passwords and break into email accounts
- Pretend to be a boss, vendor, bookkeeper, or coworker to steal money
Microsoft said these rented systems were used to run attacks quickly, anonymously, and across borders.
How big was it?
This wasn’t some tiny operation. Microsoft estimated the activity tied to RedVDS contributed to:
- $40 million in reported fraud losses in a year
- Over 1 million phishing emails per day (in just one month)
- More than 191,000 organizations compromised or accessed globally
They also called out that the real estate industry got hit hard.
The #1 scam this powers: Email impersonation
One of the most common attacks enabled here was Business Email Compromise, which is a fancy way of saying:
- Someone breaks into (or imitates) an email account
- They pretend to be a boss, vendor, bookkeeper, or employee
- They push a fake invoice, wire transfer, or “urgent” payment request
This is why businesses lose money even when “nothing was hacked.” The trick is the communication.
So… are we safe now?
No. This is a win, but it’s not a cure. When a big scam platform gets taken down, criminals usually move to the next one. The lesson isn’t “relax.” The lesson is:
These scams are organized, automated, and scaled. Your business doesn’t have to be famous to get targeted. It just has to be reachable.
What you should do right now
Here are the practical moves that stop most email-based fraud:
- Turn on MFA (multi-factor authentication) on email accounts
- Use strong passwords (and don’t reuse them)
- Train your team to verify money requests by phone, not email
- Lock down mailbox rules (scammers love auto-forwarding)
- Use email filtering that blocks phishing and fake domains
- Have a backup plan for when someone clicks the wrong thing
Need help locking this down?
If you’re a small business in Las Vegas, Henderson, Mesquite, or Pahrump and you want real protection (not “hope and vibes”), SpeakGeek PCs can help you tighten up email security and reduce your risk fast.
Call/Text: 702-472-8229
Email: service@speakgeekpcs.com
Because scammers don’t need permission. They just need one mistake.
