This analysis explores the Rockstar 2FA phishing-as-a-service kit, focusing on real-world email campaign examples. It highlights various techniques used by attackers, including the abuse of legitimate services for FUD (Fully Undetectable) links, such as Microsoft OneDrive, OneNote, Dynamics 365, Atlassian Confluence, and Google Docs Viewer. The use of QR codes in phishing attempts and the insertion of stolen email threads to inflate message size are also discussed. The article emphasizes the multi-stage nature of these attacks and the importance of caution when dealing with emails sent through trusted platforms.