From helpnetsecurity.com
Crime-as-a-Service (CaaS) is the practice of experienced cybercriminals selling access to the tools and knowledge needed to execute cybercrime – in particular, it’s often used to create phishing attacks.
With Crime-as-a-Service, anyone can be an attacker