home.social

#vishing — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #vishing, aggregated by home.social.

  1. ¿Te han llamado haciéndose pasar por un banco o una empresa?

    Eso es #vishing.

    #privacidaddigital

    En este video te explicamos qué es, cómo funciona y cómo prevenir este tipo de engaños para proteger tu información y tu dinero.
    threads.com/@elbilletefalso/po

  2. Helix Group Exploits SharePoint with Advanced Vishing Tactics

    Helix Group hackers are using clever voice phishing tactics, often impersonating managers, to trick victims into handing over account access. They use a simple yet effective playbook, starting with a convincing phone call that sets the stage for a device-code phishing scheme.

    osintsights.com/helix-group-ex

    #VoicePhishing #Vishing #DevicecodePhishing #MfaBypass #ThreatActors

  3. Helix Group Exploits SharePoint with Advanced Vishing Tactics

    Helix Group hackers are using clever voice phishing tactics, often impersonating managers, to trick victims into handing over account access. They use a simple yet effective playbook, starting with a convincing phone call that sets the stage for a device-code phishing scheme.

    osintsights.com/helix-group-ex

    #VoicePhishing #Vishing #DevicecodePhishing #MfaBypass #ThreatActors

  4. When did it become OK for vendors to cold-text me and slide into my WhatsApp?

    You just trained your whole sales team to look exactly like a smishing attack. Congrats.

    #Cybersecurity #InfoSec #Sales #security #privacy #cloud #phishing #smishing #vishing

  5. When did it become OK for vendors to cold-text me and slide into my WhatsApp?

    You just trained your whole sales team to look exactly like a smishing attack. Congrats.

    #Cybersecurity #InfoSec #Sales #security #privacy #cloud #phishing #smishing #vishing

  6. Luna Moth incassa 20 milioni di dollari da Weil Gotshal & Manges: il gruppo entra fisicamente negli uffici per rubare dati

    La prestigiosa law firm americana Weil, Gotshal & Manges ha pagato tra i 18 e i 20 milioni di dollari al gruppo di estorsione Luna Moth (Silent Ransom Group) per impedire la pubblicazione di documenti riservati dei clienti. L'FBI ha emesso un alert FLASH documentando per la prima volta l'escalation tattica del gruppo, che ora invia operativi fisici negli uffici delle vittime quando le tecniche di accesso remoto falliscono.

    insicurezzadigitale.com/luna-m

  7. Luna Moth incassa 20 milioni di dollari da Weil Gotshal & Manges: il gruppo entra fisicamente negli uffici per rubare dati

    La prestigiosa law firm americana Weil, Gotshal & Manges ha pagato tra i 18 e i 20 milioni di dollari al gruppo di estorsione Luna Moth (Silent Ransom Group) per impedire la pubblicazione di documenti riservati dei clienti. L'FBI ha emesso un alert FLASH documentando per la prima volta l'escalation tattica del gruppo, che ora invia operativi fisici negli uffici delle vittime quando le tecniche di accesso remoto falliscono.

    insicurezzadigitale.com/luna-m

  8. Threat Actors Exploit Vishing, Physical Intrusions in US Data Extortion Campaign

    Meet UNC3753, a notorious group of threat actors using clever voice phishing and social engineering tactics to infiltrate US corporate environments and steal sensitive data. Their deceitfully simple attacks start with a phone call or email and quickly escalate into rapid data theft and ransom demands.

    osintsights.com/threat-actors-

    #DataExtortion #Vishing #SocialEngineering #Unc3753 #ChattySpider

  9. 📣🚨 Cybersecurity researchers are warning businesses about #Pink Extortion Group, a new cybercrime group that uses voice phishing to bypass multi-factor authentication and steal files from cloud environments.

    Read: hackread.com/pink-extortion-mi

    #CyberSecurity #CyberCrime #Extortion #Scam #Vishing

  10. 📣🚨 Cybersecurity researchers are warning businesses about #Pink Extortion Group, a new cybercrime group that uses voice phishing to bypass multi-factor authentication and steal files from cloud environments.

    Read: hackread.com/pink-extortion-mi

    #CyberSecurity #CyberCrime #Extortion #Scam #Vishing

  11. Mandiant Exposes UNC3753's US Law Firm Data Heist Tactics

    Beware of UNC3753, a notorious group that's been stealing sensitive data from US law firms and other professional services, using clever vishing tactics and lightning-fast intrusions to extort their victims. In some cases, they can go from initial contact to data theft in under an hour.

    osintsights.com/mandiant-expos

    #DataTheft #Extortion #Vishing #SocialEngineering #Unc3753

  12. Ransomware Gang Pink Exploits Helpdesk Calls to Steal Credentials

    Meet Pink, a notorious ransomware gang that's exploiting helpdesk calls to steal sensitive credentials using clever tactics like vishing and IT impersonation. They're using these stolen secrets to exfiltrate valuable data from enterprise cloud storage and productivity systems, leaving victims with a tough choice: pay up or face the consequences.

    osintsights.com/ransomware-gan

    #Ransomware #Pink #MfaBypass #Vishing #ItImpersonation

  13. Měla povědomí o podvodech po telefonu (takzvanému vishingu) a znala i možné varovné signály, podle kterých lze podvod rozeznat. Přesto šejdíři ženu z Prahy 6 během 24 hodin připravili o 600 000 korun, než si uvědomila, že se stala obětí rafinované psychologické manipulace.

    Tón: : mírně negativní
    #česko #gdelt #podvod #podvodníci #vishing(voicePhishing)

    novinky.cz/clanek/internet-a-p

  14. Měla povědomí o podvodech po telefonu (takzvanému vishingu) a znala i možné varovné signály, podle kterých lze podvod rozeznat. Přesto šejdíři ženu z Prahy 6 během 24 hodin připravili o 600 000 korun, než si uvědomila, že se stala obětí rafinované psychologické manipulace.

    Tón: : mírně negativní
    #česko #gdelt #podvod #podvodníci #vishing(voicePhishing)

    novinky.cz/clanek/internet-a-p

  15. Charter Communications Breach Exposes 4.9 Million Accounts

    A shocking data breach at Charter Communications has left 4.9 million customer accounts vulnerable, with hackers gaining access to sensitive information including names, email addresses, phone numbers, and physical addresses. The breach occurred after a clever voice phishing attack on April 1 allowed cybercriminals to tap into the company's…

    osintsights.com/charter-commun

    #Shinyhunters #CharterCommunications #DataBreach #Vishing #Salesforce

  16. Google Exposes BlackFile Extortion Operation's Tactics

    Google's Threat Intelligence Group just exposed the clever tactics of the notorious BlackFile extortion operation, revealing how they use voice phishing and sneaky tech tricks to swindle dozens of organizations worldwide. Their clever scheme starts with a simple phone call, where fake IT helpers trick victims into spilling their secrets.

    osintsights.com/google-exposes

    #Adversaryinthemiddle #Vishing #Aitm #Unc6671 #GoogleThreatIntelligenceGroup

  17. 📢🪝⚠️ A Romanian national accused of running #VOIP vishing scams and using fake debit cards to drain bank accounts now faces up to 30 years in a US prison after extradition from #Romania.

    Read: hackread.com/romanian-man-30-y

    #CyberCrime #Scam #Vishing #CyberSecurity #Fraud

  18. 📢🪝⚠️ A Romanian national accused of running #VOIP vishing scams and using fake debit cards to drain bank accounts now faces up to 30 years in a US prison after extradition from #Romania.

    Read: hackread.com/romanian-man-30-y

    #CyberCrime #Scam #Vishing #CyberSecurity #Fraud

  19. Cybercrime Groups Exploit Vishing, SSO Abuse in SaaS Extortion Spree

    Cybercrime groups are launching lightning-fast extortion attacks within trusted SaaS environments, exploiting vishing and SSO abuse to evade detection and strike with precision. By hiding in plain sight, they're creating significant challenges for defenders trying to keep up.

    osintsights.com/cybercrime-gro

    #SaasExtortion #Vishing #SsoAbuse #CloudEconomy #Crowdstrike

  20. Show 4: The Digital Con Artist. Phishing today isn’t about hacking your computer it’s about hacking you. In this episode of The Geek and The Detective, Amy Lynn and Detective Derrick Stevens break down how scammers use fake profiles, urgent messages... #TheGeekAndTheDetective #Vishing #Smishing #MFA #CyberCrime #StaySafeOnline #TechSecurity #DigitalPrivacy #CyberAwareness amylynn.org/thegeekandthedetec

  21. Four grand. That's what it costs a random kid with a laptop to run a voice phishing operation that used to require a call center, a phisher, and a developer. ATHR packages all of it into one dashboard, tosses in AI voice agents that can ad-lib when a victim gets suspicious, and ships with ready-made lures for Google, Microsoft, Coinbase, Binance, and a few more.

    CyberCrime has a SaaS model now, complete with commission splits (10% of profits back to the vendor). The barrier to running a convincing vishing campaign just collapsed, and your awareness training still says "watch for typos in the email."

    🎙️ AI agents handle objections live, so the "support rep" sounds real because they are, functionally, reasoning
    📧 Lure emails are customized per target with accurate IPs, dates, locations, and pass authentication checks
    🏦 Eight brands supported out of the box, crypto exchanges heavily represented for obvious reasons
    🛡️ Stop looking at email indicators, start modeling normal communication patterns and flag the anomalies

    If your vishing defense is a 20-minute annual training video and a phish-report button, you're bringing a knife to a drone fight. The humans on the other end of the phone aren't humans anymore, and they don't get tired, rattled, or bored on calls.

    bleepingcomputer.com/news/secu

    #Cybersecurity #Vishing #AI #security #privacy #cloud #infosec #cybersecurity

  22. Four grand. That's what it costs a random kid with a laptop to run a voice phishing operation that used to require a call center, a phisher, and a developer. ATHR packages all of it into one dashboard, tosses in AI voice agents that can ad-lib when a victim gets suspicious, and ships with ready-made lures for Google, Microsoft, Coinbase, Binance, and a few more.

    CyberCrime has a SaaS model now, complete with commission splits (10% of profits back to the vendor). The barrier to running a convincing vishing campaign just collapsed, and your awareness training still says "watch for typos in the email."

    🎙️ AI agents handle objections live, so the "support rep" sounds real because they are, functionally, reasoning
    📧 Lure emails are customized per target with accurate IPs, dates, locations, and pass authentication checks
    🏦 Eight brands supported out of the box, crypto exchanges heavily represented for obvious reasons
    🛡️ Stop looking at email indicators, start modeling normal communication patterns and flag the anomalies

    If your vishing defense is a 20-minute annual training video and a phish-report button, you're bringing a knife to a drone fight. The humans on the other end of the phone aren't humans anymore, and they don't get tired, rattled, or bored on calls.

    bleepingcomputer.com/news/secu

    #Cybersecurity #Vishing #AI #security #privacy #cloud #infosec #cybersecurity

  23. Voice phishing is now one of the most effective initial access methods in recent incident data.

    The attack doesn't beat your technical controls. It convinces someone to bypass them.

    No suspicious login. Nothing to filter. A valid credential, handed over through normal procedures.

    What IS detectable: behavior after the handover. The attacker doesn't move like the legitimate user. Auth Sentry catches it.

    gethumming.io/how-it-works

    #ITDR #IdentitySecurity #Vishing #CyberSecurity

  24. Here's the thing, there may be more people (if not 99% of the people) on other social networks, but at the end the day, I still need to actually *do something* with my projects or it is all just idle entertainment under the guise of not or I have no idea.

    I just want to nerd out on things that are cool to nerd out on and be able to talk about it with people that get it. That is all here.

    Here are all the hashtags of things I'm working on and will be posting about, what I'm interested in from others, and whatever adjacent from folks in those spheres bubble up (I want a clubhouse).

    #Malware #RedTeaming #PurpleTeaming #SocialEngineering #Vishing #ReverseEngineering

  25. Here's the thing, there may be more people (if not 99% of the people) on other social networks, but at the end the day, I still need to actually *do something* with my projects or it is all just idle entertainment under the guise of not or I have no idea.

    I just want to nerd out on things that are cool to nerd out on and be able to talk about it with people that get it. That is all here.

    Here are all the hashtags of things I'm working on and will be posting about, what I'm interested in from others, and whatever adjacent from folks in those spheres bubble up (I want a clubhouse).

    #Malware #RedTeaming #PurpleTeaming #SocialEngineering #Vishing #ReverseEngineering

  26. Vaya, parece que hoy me ha salido un "hijo" espontáneo al que se le ha ahogado el móvil.
    Qué detalle que, en medio de su tragedia tecnológica, haya tenido tiempo de memorizar mi número, conseguir otro teléfono y escribirme con esa urgencia tan enternecedora (y tan falsa).

    Lo de "mamá" ya es de nivel avanzado de ciencia ficción, sobre todo porque no recordaba haber pasado por un paritorio últimamente.
    En fin, otro que se va directo a la lista de bloqueados antes de que me pida los datos de la tarjeta para "el arroz".

    Cuidado con estos "accidentes acuáticos", que lo único que quieren limpiar es vuestra cuenta corriente.

    ╰┈ ─ ─ ─ ─ ─ ─ ┈╯

    #estafa #vishing #seguridaddigital #fraude #sms #consejito

  27. Vaya, parece que hoy me ha salido un "hijo" espontáneo al que se le ha ahogado el móvil.
    Qué detalle que, en medio de su tragedia tecnológica, haya tenido tiempo de memorizar mi número, conseguir otro teléfono y escribirme con esa urgencia tan enternecedora (y tan falsa).

    Lo de "mamá" ya es de nivel avanzado de ciencia ficción, sobre todo porque no recordaba haber pasado por un paritorio últimamente.
    En fin, otro que se va directo a la lista de bloqueados antes de que me pida los datos de la tarjeta para "el arroz".

    Cuidado con estos "accidentes acuáticos", que lo único que quieren limpiar es vuestra cuenta corriente.

    ╰┈ ─ ─ ─ ─ ─ ─ ┈╯

    #estafa #vishing #seguridaddigital #fraude #sms #consejito

  28. Heute ist die Polizei anwesend und warnt vor Trickbetrügern. Die Betrüger rufen gezielt ältere Menschen an und es gibt aktuell eine Häufung von Fällen in der Umgebung der Milbertshofener Straße.

    #BA11Live #Vishing #Milbertshofen

  29. Heute ist die Polizei anwesend und warnt vor Trickbetrügern. Die Betrüger rufen gezielt ältere Menschen an und es gibt aktuell eine Häufung von Fällen in der Umgebung der Milbertshofener Straße.

    #BA11Live #Vishing #Milbertshofen

  30. 📌 𝗠𝗼𝗯𝗶𝗹𝗲 𝗠𝗼𝗻𝗲𝘆 𝗲𝘁 𝗰𝘆𝗯𝗲𝗿𝗰𝗿𝗶𝗺𝗶𝗻𝗮𝗹𝗶𝘁𝗲́ : 𝗹𝗮 𝗰𝗼𝗻𝗳𝗿𝗼𝗻𝘁𝗮𝘁𝗶𝗼𝗻 𝗲𝗻 𝗖𝗼̂𝘁𝗲 𝗱’𝗜𝘃𝗼𝗶𝗿𝗲 𝗲𝘁 𝗮𝘂 𝗦𝗮𝗵𝗲𝗹

    facebook.com/share/p/1FvnokyUv
    𝗟𝗮 𝗯𝗼𝗻𝗻𝗲 𝗶𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝗰𝗿𝗲́𝗱𝗶𝗯𝗶𝗹𝗶𝘀𝗲 𝗹𝗲 𝗺𝗲𝘀𝘀𝗮𝗴𝗲

    #VDLV #CyberSécuritéCI #MobileMoney #CIVforte #StopBrouteurs #ProtectionNumérique #AES #InclusionFinancière #Vishing #SIMSwap #FraudesDigitales

  31. So, I have a loose rule of thumb that says if a podcaster is advertising something, that thing is probably a scam. (Not all podcasters, not all products.) Most of the “identity protection services“ are exactly that. Most of them are owned by data brokers, so...?

    Anyway, I tell you that story to tell you this one: Aura has been breached, exposing almost a million records.

    gizmodo.com/the-company-paid-t

    You can check Troy Hunt’s Have I Been Pwned here to see if you’ve been caught up in any of the hundreds of data breaches recently:

    haveibeenpwned.com/Breach/Aura

    #dataBreach #infosec #ShinyHunters #vishing #TroyHunt

  32. So, I have a loose rule of thumb that says if a podcaster is advertising something, that thing is probably a scam. (Not all podcasters, not all products.) Most of the “identity protection services“ are exactly that. Most of them are owned by data brokers, so...?

    Anyway, I tell you that story to tell you this one: Aura has been breached, exposing almost a million records.

    gizmodo.com/the-company-paid-t

    You can check Troy Hunt’s Have I Been Pwned here to see if you’ve been caught up in any of the hundreds of data breaches recently:

    haveibeenpwned.com/Breach/Aura

    #dataBreach #infosec #ShinyHunters #vishing #TroyHunt

  33. Threat actors spam bombed inboxes, called targets pretending to be IT support, and owned nine endpoints in 11 hours. No zero days needed. Just social engineering over the phone.

    Most orgs train against phishing emails. Almost nobody trains against vishing. The phone call is the new attack vector hiding in plain sight.

    #cybersecurity #infosec #socialengineering #vishing

  34. 🚨 #ShinyHunters recruiting for vishing ops?

    A Telegram post linked to the group offers $500–$1000 per scripted call targeting helpdesks, suggesting structured social-engineering/initial access activity.
    The human layer remains a key attack surface.

    #Vishing #CTI #ThreatIntel