01 ·
Intercept before, not after
90% of solutions act on the email before delivery. Fortgale operates where traditional filters fail: on the destination page, at the moment the user is about to surrender credentials.
Phishing stops before credentials are entered.
Most anti-phishing solutions act after the compromise. Fortgale intercepts the attack at the exact moment the user is about to type their credentials — and blocks it.
Fortgale · Interceptor
Alert
Phishing page detected
This page is simulating your corporate Microsoft 365 portal. Do not enter your credentials.
hxxps://login-acme[.]365-secure[.]net/oauth/...
Compliance · phishing
NIS2 ready
DORA
ISO 27001
GDPR
Compatibility
Microsoft 365
Entra ID
Google Workspace
MITRE ATT&CK
Why a new paradigm is needed
Pre-compromise + post-compromise. Complete defence.
The Interceptor prevents the initial compromise. ITDR governs identity security at 360°. Together: pre- and post-compromise defence.
02 ·
Interceptor + ITDR
The Interceptor prevents initial compromise; ITDR governs 360° identity security from AD to Cloud. Pre + post compromise defence.
03 ·
Zero latency, zero changes
Real-time analysis client-side. No DNS, mail server or tenant to modify. Onboarding in a few hours.
Proof · protected sectors
Four sectors where Fortgale is already operational.
Banking
Among the most-targeted sectors
by M365 credential harvesting
by M365 credential harvesting
Shipping
BEC phishing
wire transfer hijack
wire transfer hijack
Manufacturing
Supply chain spear-phishing
on hybrid M365
on hybrid M365
Critical infra
NIS2 operators
auditable reporting
auditable reporting
How the Interceptor works
Four steps · the user never enters credentials.
01 · Email
Phishing email received
The email arrives. SEG, sandbox and DNS filters don't stop it: the message is clean, the link points to a recent domain.
02 · Click
Click on malicious link
The user clicks. The browser opens a page that imitates the corporate M365 portal (or Google Workspace).
03 · Detect
Interceptor detects the threat
The Interceptor analyses the page client-side: fingerprint, URL pattern, DOM structure. Identifies it as phishing.
04 · Block
Alert — user protected
Blocking warning before credentials are entered. No credentials are ever transmitted. Event sent to the CISO dashboard.
Six Interceptor pillars
What makes the Interceptor different.
01
Behavioural protection
Operates on the destination page, not on the email. Effective post-filter.
02
Zero latency
Client-side, no proxy server, no perceptible latency for users.
03
Zero infrastructure changes
No DNS, mail server or M365 tenant changes. Activation in a few hours.
04
M365 + Google Workspace
Full coverage of both leading SaaS environments. EN/IT bilingual.
05
Real-time intelligence
Powered by the Fortgale Intelligence Feed: 34k+ IoCs per week, continuously updated phishing infrastructure.
06
Centralised reporting
Intercepted attacks dashboard, users involved, target sectors. CISO reporting with trends and MTTD/MTTR.
ITDR · post-compromise
Four coverage areas, one unified console.
When an identity is already compromised, the Fortgale ITDR detects and responds in real time.
AD on-premise
Active Directory Security
Detection of Kerberoasting, Pass-the-Hash, DCSync, Golden Ticket, lateral movement, critical GPO modifications.
Cloud identity
Entra ID · Azure AD
MFA Bypass, Token Theft, Service Principal abuse, Hybrid Identity attacks, OAuth illicit consent grant.
UEBA
Behavioural anomalies
Behavioural baseline on privileged users, insider threat detection, anomaly detection on access and impossible geo-velocity.
Identity IR
Identity Incident Response
Account isolation, token revocation, blast radius assessment, guided remediation, post-incident hardening.
Integrated defence
Anti-phishing is the first layer. The others complete it.
AiTM specific
AiTM Protection
Technical deep-dive on the Adversary-in-The-Middle attack: kill-chain anatomy, Evilginx/Modlishka/Muraena frameworks.
Deep dive AiTM →Identity
ITDR · Identity Protection
360° identity security from on-prem AD to Entra ID and Cloud. Detection & response on compromised credentials.
Discover ITDR →European SOC
Managed Detection & Response
EDR/XDR governed by the European SOC. Triage in <15 min, containment ~11 min.
Discover MDR →FAQ
Everything to know before activating the protection.
How does the M365 Phishing Interceptor work?
Intercepts at the most critical moment — when the user is about to enter credentials on a malicious page. Detects page traits, displays a warning, prevents entry. Client-side, zero latency, zero operational impact.
Does it work with Google Workspace?
Yes. Extension to Google Workspace: Google credential campaigns are frequent in manufacturing, logistics and professional services. Identical logic.
What is the Fortgale ITDR?
Identity Threat Detection & Response: 360° enterprise identity security. From on-prem AD to Entra ID, hybrid environments and multi-cloud. Continuous monitoring, anomaly detection, identity incident response, guided remediation.
Which sectors do you protect?
Banking/finance, maritime transport, manufacturing, critical infrastructure, healthcare, retail, legal and beyond. Phishing does not discriminate: protection is effective regardless of sector because it operates on user behaviour.
How do I activate it for free?
Request form → Fortgale team contacts you within 24 working hours → onboarding without infrastructure changes in a few hours.
Research · phishing against enterprises
We track phishing campaigns against European enterprises.
Credential harvesting, BEC, lookalike domains, infostealer logs on underground forums: we monitor the entire phishing supply chain hitting European businesses. Our detections come from this research — not recycled public feeds.
Phishing Kits Bypass MFA and Hijack companies's accounts in minutes
Intelligence · Phishing Kit · Q1 2026 April 24, 2026Fortgale CTI14 min readRPT-26-0424 Observation of the quarter The 2026 phishing ecosystem has outpaced tradition…
Read article →
Investment-Targeted Phishing: How Phishing Kit Fuels Espionage in Funding Rounds
In the high-stakes world of venture capital and corporate funding, where millions hang in the balance and sensitive financial data flows freely, a new breed of cyber threat is em…
Read article →
Operation Storming Tide: A massive multi-stage intrusion campaign
In February 2026, the Fortgale Incident Response team investigated a multi-stage intrusion attributed to Mora_001, a Russian-origin threat actor exploiting Fortinet vulnerabiliti…
Read article →
Behind the Wheel: Unveiling the Supercar Phishing Kit Targeting Microsoft 365
UPDATES: 27.11.2024: As mentioned by TrustWave, "Supercar Phishing Kit" has an high level of overlapping with the most recent update of "Rockstar 2FA Phishing-as-a-Service" 26.09…
Read article →
Espionage activities targeting European businesses
In the evolving landscape of cybersecurity threats, Fortgale is tracking PhishSurf Nebula, an advanced Cyber Espionage group active since 2021 and primarily targeting entities wi…
Read article →
Nebula Broker: offensive operations made in Italy
Fortgale has been tracking an Italian Threat Actor, internally dubbed as Nebula Broker, since March 2022. The actor uses self-made malware (BrokerLoader) to compromise Italian sy…
Read article →
Start now — it's free
Your corporate credentials are the most prized target.
Phishing is the entry point of 91% of enterprise cyber attacks. The Fortgale M365 Phishing Interceptor closes that door — for free. Activate it today, before a user enters their credentials in the wrong place.