Tag: vishing
27 articles

Privacy Breach at Qantas Exposed by Tech Support Scam Tactics
A clever tech-support scam led to a massive 2025 Qantas privacy breach, where 5.7 million customer records were compromised after a social engineering call tricked a contact-centre agent into giving away sensitive access. The sneaky tactic, not a systemic failure, was the surprising root cause of the breach.

UK Authorities Charge Five in Russian Coms Fraud Crackdown
In a major crackdown on Russian Coms Fraud, UK authorities have charged five individuals linked to a notorious platform that enabled scammers to hide their identities and swindle victims by impersonating trusted institutions. The platform, shut down in 2024, had been facilitating these deceitful calls since 2020.

Microsoft Tracks ShinyHunters' Salesforce Data Theft Via OAuth Flaws
Microsoft uncovered a sneaky year-long operation by the ShinyHunters extortion group, who exploited trust in Salesforce's OAuth system to steal sensitive data, using clever vishing tactics to trick employees into granting access to a malicious app. The attackers posed as IT support, convincing victims to authorize a fake Data Loader tool that allowed them to make API calls and search for valuable credentials.

Hackers Exploit Microsoft Entra Passkey Enrollment in Voice Phishing Attacks
Hackers are using voice phishing attacks to trick Microsoft 365 users into enrolling a new Entra passkey, targeting multiple sectors including food and beverage, technology, and healthcare. They're registering domains with the word "passkey" to convincingly pose as legitimate Microsoft representatives.

Helix Group Exploits SharePoint with Advanced Vishing Tactics
Helix Group hackers are using clever voice phishing tactics, often impersonating managers, to trick victims into handing over account access. They use a simple yet effective playbook, starting with a convincing phone call that sets the stage for a device-code phishing scheme.

Threat Actors Exploit Vishing, Physical Intrusions in US Data Extortion Campaign
Meet UNC3753, a notorious group of threat actors using clever voice phishing and social engineering tactics to infiltrate US corporate environments and steal sensitive data. Their deceitfully simple attacks start with a phone call or email and quickly escalate into rapid data theft and ransom demands.

Mandiant Exposes UNC3753's US Law Firm Data Heist Tactics
Beware of UNC3753, a notorious group that's been stealing sensitive data from US law firms and other professional services, using clever vishing tactics and lightning-fast intrusions to extort their victims. In some cases, they can go from initial contact to data theft in under an hour.

Ransomware Gang Pink Exploits Helpdesk Calls to Steal Credentials
Meet Pink, a notorious ransomware gang that's exploiting helpdesk calls to steal sensitive credentials using clever tactics like vishing and IT impersonation. They're using these stolen secrets to exfiltrate valuable data from enterprise cloud storage and productivity systems, leaving victims with a tough choice: pay up or face the consequences.

Charter Communications Breach Exposes 4.9 Million Accounts
A shocking data breach at Charter Communications has left 4.9 million customer accounts vulnerable, with hackers gaining access to sensitive information including names, email addresses, phone numbers, and physical addresses. The breach occurred after a clever voice phishing attack on April 1 allowed cybercriminals to tap into the company's Salesforce database.

MFA Prompt Bombing Exposes Weakness in Two-Factor Security
A shocking 2.8GB of data was stolen from Cisco after a clever attacker tricked an employee into approving a push-based MFA prompt, highlighting a disturbing vulnerability in two-factor security. This brazen hack, linked to the Yanluowang ransomware group, shows how attackers can exploit the very security measures meant to protect us.

Google Exposes BlackFile Extortion Operation's Tactics
Google's Threat Intelligence Group just exposed the clever tactics of the notorious BlackFile extortion operation, revealing how they use voice phishing and sneaky tech tricks to swindle dozens of organizations worldwide. Their clever scheme starts with a simple phone call, where fake IT helpers trick victims into spilling their secrets.

Cybercrime Groups Exploit Vishing, SSO Abuse in SaaS Extortion Spree
Cybercrime groups are launching lightning-fast extortion attacks within trusted SaaS environments, exploiting vishing and SSO abuse to evade detection and strike with precision. By hiding in plain sight, they're creating significant challenges for defenders trying to keep up.

Coupang Breach: Stunning Damage Hits 34M, Leaders React
Coupang breach jolted roughly 34 million customers after attackers used vishing and compromised vendor channels to steal—and then extort—sensitive data; here’s what went wrong and what customers and companies need to do next.

HMRC Exclusive: Alarming 135K Scam Reports
HMRC logged 135,500 suspected scam reports in ten months — nearly 4,800 tied to self‑assessment — showing fraudsters are getting craftier with texts, calls and AI‑generated lures. Here’s what to watch for and how to protect yourself.

ShinyHunters Exclusive: Damaging Corporate Extortion Wave
The ShinyHunters campaign has escalated from quiet database dumps to brazen public extortion—naming victims, posting timetables, and using voice‑phishing plus massive file thefts that could turn single breaches into a supply‑chain crisis. Corporations now face a stark choice: pay ransoms or risk a public dump of sensitive customer and corporate data.

ShinyHunters Exclusive: Dangerous Corporate Extortion
ShinyHunters has escalated from voice‑phishing to a public extortion site threatening to dump data from dozens of Fortune 500 companies. That shift puts customers and companies at risk and makes strengthening human‑centric defenses and zero‑trust controls urgently necessary.

Orange Belgium customers: Stunning Risky Breach 850K
A massive breach at Orange Belgium has put about 850,000 customers’ personal details into criminal hands, raising risks like SIM‑swap, targeted phishing and identity theft. If you might be affected, check what was exposed, lock down your carrier account with app‑based 2FA or a unique PIN, and be extra skeptical of unsolicited calls, texts or emails.

Experts Develop Voice-Changing Technology to Combat ‘Vishing’ Scams
Experts create innovative voice-changing technology to help combat ‘vishing’ scams, enhancing security and protecting personal information from fraud.

Fake IT Support Exploited in New Voice Phishing Scam
Fake IT support scammers are using voice phishing tactics to dupe victims. Learn about the new scam and how to protect yourself from tech fraud.

Shadow AI: The Threat You’re Funding Without Knowing It
Discover Shadow AI—a hidden threat quietly funded behind the scenes. Uncover how covert investments fuel digital risks and undermine control.

Navigating Cyberchondria: Defeating AI-Powered Phishing Panic
Defeat AI-powered phishing panic and tame cyberchondria with our expert guide—secure your digital space and remain calm online.

Telephone-Based Cyber Attacks Strike Salesforce and Okta
Telephone-based cyber attacks target Salesforce and Okta, exposing vulnerabilities in telephony systems and triggering urgent security measures.

Scattered Spider: Three things the news doesn’t tell you
Delving into Scattered Spider, this article reveals three hidden truths the news omits, offering a fresh perspective beyond standard headlines.

Cybersecurity Update: Spanish Hacker Alcasec Back Behind Bars
Cybersecurity update: Spanish hacker Alcasec is back behind bars. Discover the latest details on his arrest and emerging cybercrime trends.