Skip to main content

Tag: vishing

27 articles

Phone on a desk in a customer service setting with a person working at a computer in the background.

Privacy Breach at Qantas Exposed by Tech Support Scam Tactics

A clever tech-support scam led to a massive 2025 Qantas privacy breach, where 5.7 million customer records were compromised after a social engineering call tricked a contact-centre agent into giving away sensitive access. The sneaky tactic, not a systemic failure, was the surprising root cause of the breach.

Analyst 207
Five cuffed individuals stand in a row in a neutral-colored institutional hallway.

UK Authorities Charge Five in Russian Coms Fraud Crackdown

In a major crackdown on Russian Coms Fraud, UK authorities have charged five individuals linked to a notorious platform that enabled scammers to hide their identities and swindle victims by impersonating trusted institutions. The platform, shut down in 2024, had been facilitating these deceitful calls since 2020.

Analyst 207
Business setting with laptop on desk, papers and supplies nearby, and CRM system on screen.

Microsoft Tracks ShinyHunters' Salesforce Data Theft Via OAuth Flaws

Microsoft uncovered a sneaky year-long operation by the ShinyHunters extortion group, who exploited trust in Salesforce's OAuth system to steal sensitive data, using clever vishing tactics to trick employees into granting access to a malicious app. The attackers posed as IT support, convincing victims to authorize a fake Data Loader tool that allowed them to make API calls and search for valuable credentials.

Analyst 207
Person sitting at desk, speaking on phone with concerned expression, blurred computer screen in background.

Hackers Exploit Microsoft Entra Passkey Enrollment in Voice Phishing Attacks

Hackers are using voice phishing attacks to trick Microsoft 365 users into enrolling a new Entra passkey, targeting multiple sectors including food and beverage, technology, and healthcare. They're registering domains with the word "passkey" to convincingly pose as legitimate Microsoft representatives.

Analyst 207
Person sitting at desk, looking concerned while on phone call.

Helix Group Exploits SharePoint with Advanced Vishing Tactics

Helix Group hackers are using clever voice phishing tactics, often impersonating managers, to trick victims into handing over account access. They use a simple yet effective playbook, starting with a convincing phone call that sets the stage for a device-code phishing scheme.

Analyst 207
Brightly-lit office setting with phone on desk, blurred background, and corporate elements.

Threat Actors Exploit Vishing, Physical Intrusions in US Data Extortion Campaign

Meet UNC3753, a notorious group of threat actors using clever voice phishing and social engineering tactics to infiltrate US corporate environments and steal sensitive data. Their deceitfully simple attacks start with a phone call or email and quickly escalate into rapid data theft and ransom demands.

Analyst 207
Blurred computer workstation and file cabinet in a brightly-lit office interior, with a cityscape visible through the window.

Mandiant Exposes UNC3753's US Law Firm Data Heist Tactics

Beware of UNC3753, a notorious group that's been stealing sensitive data from US law firms and other professional services, using clever vishing tactics and lightning-fast intrusions to extort their victims. In some cases, they can go from initial contact to data theft in under an hour.

Analyst 207
Helpdesk workers surrounded by cubicles, phones, and fluorescent lighting, with an atmosphere of unease and vulnerability.

Ransomware Gang Pink Exploits Helpdesk Calls to Steal Credentials

Meet Pink, a notorious ransomware gang that's exploiting helpdesk calls to steal sensitive credentials using clever tactics like vishing and IT impersonation. They're using these stolen secrets to exfiltrate valuable data from enterprise cloud storage and productivity systems, leaving victims with a tough choice: pay up or face the consequences.

Analyst 207
Concerned customer surrounded by paperwork and communication equipment.

Charter Communications Breach Exposes 4.9 Million Accounts

A shocking data breach at Charter Communications has left 4.9 million customer accounts vulnerable, with hackers gaining access to sensitive information including names, email addresses, phone numbers, and physical addresses. The breach occurred after a clever voice phishing attack on April 1 allowed cybercriminals to tap into the company's Salesforce database.

Analyst 207
Person sitting at desk, confused, looking at smartphone with multiple push notifications.

MFA Prompt Bombing Exposes Weakness in Two-Factor Security

A shocking 2.8GB of data was stolen from Cisco after a clever attacker tricked an employee into approving a push-based MFA prompt, highlighting a disturbing vulnerability in two-factor security. This brazen hack, linked to the Yanluowang ransomware group, shows how attackers can exploit the very security measures meant to protect us.

Analyst 207
Person receiving phone call in office setting with blurred phone screen and computer in background.

Google Exposes BlackFile Extortion Operation's Tactics

Google's Threat Intelligence Group just exposed the clever tactics of the notorious BlackFile extortion operation, revealing how they use voice phishing and sneaky tech tricks to swindle dozens of organizations worldwide. Their clever scheme starts with a simple phone call, where fake IT helpers trick victims into spilling their secrets.

Analyst 207
A brightly-lit office workspace with a laptop on a desk, surrounded by ordinary decor and a subtle hint of a phone nearby.

Cybercrime Groups Exploit Vishing, SSO Abuse in SaaS Extortion Spree

Cybercrime groups are launching lightning-fast extortion attacks within trusted SaaS environments, exploiting vishing and SSO abuse to evade detection and strike with precision. By hiding in plain sight, they're creating significant challenges for defenders trying to keep up.

Analyst 207
Coupang Breach: Stunning Damage Hits 34M, Leaders React

Coupang Breach: Stunning Damage Hits 34M, Leaders React

Coupang breach jolted roughly 34 million customers after attackers used vishing and compromised vendor channels to steal—and then extort—sensitive data; here’s what went wrong and what customers and companies need to do next.

Analyst 207
Person sits at cluttered desk, face obscured by phone, with concerned expression and laptop screen glowing ominously in…

HMRC Exclusive: Alarming 135K Scam Reports

HMRC logged 135,500 suspected scam reports in ten months — nearly 4,800 tied to self‑assessment — showing fraudsters are getting craftier with texts, calls and AI‑generated lures. Here’s what to watch for and how to protect yourself.

Analyst 207
ShinyHunters Exclusive: Damaging Corporate Extortion Wave

ShinyHunters Exclusive: Damaging Corporate Extortion Wave

The ShinyHunters campaign has escalated from quiet database dumps to brazen public extortion—naming victims, posting timetables, and using voice‑phishing plus massive file thefts that could turn single breaches into a supply‑chain crisis. Corporations now face a stark choice: pay ransoms or risk a public dump of sensitive customer and corporate data.

Analyst 207
ShinyHunters Exclusive: Dangerous Corporate Extortion

ShinyHunters Exclusive: Dangerous Corporate Extortion

ShinyHunters has escalated from voice‑phishing to a public extortion site threatening to dump data from dozens of Fortune 500 companies. That shift puts customers and companies at risk and makes strengthening human‑centric defenses and zero‑trust controls urgently necessary.

Analyst 207
Orange Belgium customers: Stunning Risky Breach 850K

Orange Belgium customers: Stunning Risky Breach 850K

A massive breach at Orange Belgium has put about 850,000 customers’ personal details into criminal hands, raising risks like SIM‑swap, targeted phishing and identity theft. If you might be affected, check what was exposed, lock down your carrier account with app‑based 2FA or a unique PIN, and be extra skeptical of unsolicited calls, texts or emails.

Analyst 207
Experts Develop Voice-Changing Technology to Combat ‘Vishing’ Scams

Experts Develop Voice-Changing Technology to Combat ‘Vishing’ Scams

Experts create innovative voice-changing technology to help combat ‘vishing’ scams, enhancing security and protecting personal information from fraud.

Analyst 207
Fake IT Support Exploited in New Voice Phishing Scam

Fake IT Support Exploited in New Voice Phishing Scam

Fake IT support scammers are using voice phishing tactics to dupe victims. Learn about the new scam and how to protect yourself from tech fraud.

Analyst 207
Shadow AI: The Threat You’re Funding Without Knowing It

Shadow AI: The Threat You’re Funding Without Knowing It

Discover Shadow AI—a hidden threat quietly funded behind the scenes. Uncover how covert investments fuel digital risks and undermine control.

Analyst 207
Navigating Cyberchondria: Defeating AI-Powered Phishing Panic

Navigating Cyberchondria: Defeating AI-Powered Phishing Panic

Defeat AI-powered phishing panic and tame cyberchondria with our expert guide—secure your digital space and remain calm online.

Analyst 207
Telephone-Based Cyber Attacks Strike Salesforce and Okta

Telephone-Based Cyber Attacks Strike Salesforce and Okta

Telephone-based cyber attacks target Salesforce and Okta, exposing vulnerabilities in telephony systems and triggering urgent security measures.

Analyst 207
Scattered Spider: Three things the news doesn’t tell you

Scattered Spider: Three things the news doesn’t tell you

Delving into Scattered Spider, this article reveals three hidden truths the news omits, offering a fresh perspective beyond standard headlines.

Analyst 207
Cybersecurity Update: Spanish Hacker Alcasec Back Behind Bars

Cybersecurity Update: Spanish Hacker Alcasec Back Behind Bars

Cybersecurity update: Spanish hacker Alcasec is back behind bars. Discover the latest details on his arrest and emerging cybercrime trends.

Analyst 207