home.social

#vishing — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #vishing, aggregated by home.social.

  1. Google Exposes BlackFile Extortion Operation's Tactics

    Google's Threat Intelligence Group just exposed the clever tactics of the notorious BlackFile extortion operation, revealing how they use voice phishing and sneaky tech tricks to swindle dozens of organizations worldwide. Their clever scheme starts with a simple phone call, where fake IT helpers trick victims into spilling their secrets.

    osintsights.com/google-exposes

    #Adversaryinthemiddle #Vishing #Aitm #Unc6671 #GoogleThreatIntelligenceGroup

  2. 📢🪝⚠️ A Romanian national accused of running #VOIP vishing scams and using fake debit cards to drain bank accounts now faces up to 30 years in a US prison after extradition from #Romania.

    Read: hackread.com/romanian-man-30-y

    #CyberCrime #Scam #Vishing #CyberSecurity #Fraud

  3. Cybercrime Groups Exploit Vishing, SSO Abuse in SaaS Extortion Spree

    Cybercrime groups are launching lightning-fast extortion attacks within trusted SaaS environments, exploiting vishing and SSO abuse to evade detection and strike with precision. By hiding in plain sight, they're creating significant challenges for defenders trying to keep up.

    osintsights.com/cybercrime-gro

    #SaasExtortion #Vishing #SsoAbuse #CloudEconomy #Crowdstrike

  4. Show 4: The Digital Con Artist. Phishing today isn’t about hacking your computer it’s about hacking you. In this episode of The Geek and The Detective, Amy Lynn and Detective Derrick Stevens break down how scammers use fake profiles, urgent messages... #TheGeekAndTheDetective #Vishing #Smishing #MFA #CyberCrime #StaySafeOnline #TechSecurity #DigitalPrivacy #CyberAwareness amylynn.org/thegeekandthedetec

  5. Four grand. That's what it costs a random kid with a laptop to run a voice phishing operation that used to require a call center, a phisher, and a developer. ATHR packages all of it into one dashboard, tosses in AI voice agents that can ad-lib when a victim gets suspicious, and ships with ready-made lures for Google, Microsoft, Coinbase, Binance, and a few more.

    CyberCrime has a SaaS model now, complete with commission splits (10% of profits back to the vendor). The barrier to running a convincing vishing campaign just collapsed, and your awareness training still says "watch for typos in the email."

    🎙️ AI agents handle objections live, so the "support rep" sounds real because they are, functionally, reasoning
    📧 Lure emails are customized per target with accurate IPs, dates, locations, and pass authentication checks
    🏦 Eight brands supported out of the box, crypto exchanges heavily represented for obvious reasons
    🛡️ Stop looking at email indicators, start modeling normal communication patterns and flag the anomalies

    If your vishing defense is a 20-minute annual training video and a phish-report button, you're bringing a knife to a drone fight. The humans on the other end of the phone aren't humans anymore, and they don't get tired, rattled, or bored on calls.

    bleepingcomputer.com/news/secu

    #Cybersecurity #Vishing #AI #security #privacy #cloud #infosec #cybersecurity

  6. Here's the thing, there may be more people (if not 99% of the people) on other social networks, but at the end the day, I still need to actually *do something* with my projects or it is all just idle entertainment under the guise of not or I have no idea.

    I just want to nerd out on things that are cool to nerd out on and be able to talk about it with people that get it. That is all here.

    Here are all the hashtags of things I'm working on and will be posting about, what I'm interested in from others, and whatever adjacent from folks in those spheres bubble up (I want a clubhouse).

    #Malware #RedTeaming #PurpleTeaming #SocialEngineering #Vishing #ReverseEngineering

  7. Vaya, parece que hoy me ha salido un "hijo" espontáneo al que se le ha ahogado el móvil.
    Qué detalle que, en medio de su tragedia tecnológica, haya tenido tiempo de memorizar mi número, conseguir otro teléfono y escribirme con esa urgencia tan enternecedora (y tan falsa).

    Lo de "mamá" ya es de nivel avanzado de ciencia ficción, sobre todo porque no recordaba haber pasado por un paritorio últimamente.
    En fin, otro que se va directo a la lista de bloqueados antes de que me pida los datos de la tarjeta para "el arroz".

    Cuidado con estos "accidentes acuáticos", que lo único que quieren limpiar es vuestra cuenta corriente.

    ╰┈ ─ ─ ─ ─ ─ ─ ┈╯

    #estafa #vishing #seguridaddigital #fraude #sms #consejito

  8. Vaya, parece que hoy me ha salido un "hijo" espontáneo al que se le ha ahogado el móvil.
    Qué detalle que, en medio de su tragedia tecnológica, haya tenido tiempo de memorizar mi número, conseguir otro teléfono y escribirme con esa urgencia tan enternecedora (y tan falsa).

    Lo de "mamá" ya es de nivel avanzado de ciencia ficción, sobre todo porque no recordaba haber pasado por un paritorio últimamente.
    En fin, otro que se va directo a la lista de bloqueados antes de que me pida los datos de la tarjeta para "el arroz".

    Cuidado con estos "accidentes acuáticos", que lo único que quieren limpiar es vuestra cuenta corriente.

    ╰┈ ─ ─ ─ ─ ─ ─ ┈╯

    #estafa #vishing #seguridaddigital #fraude #sms #consejito

  9. Vaya, parece que hoy me ha salido un "hijo" espontáneo al que se le ha ahogado el móvil.
    Qué detalle que, en medio de su tragedia tecnológica, haya tenido tiempo de memorizar mi número, conseguir otro teléfono y escribirme con esa urgencia tan enternecedora (y tan falsa).

    Lo de "mamá" ya es de nivel avanzado de ciencia ficción, sobre todo porque no recordaba haber pasado por un paritorio últimamente.
    En fin, otro que se va directo a la lista de bloqueados antes de que me pida los datos de la tarjeta para "el arroz".

    Cuidado con estos "accidentes acuáticos", que lo único que quieren limpiar es vuestra cuenta corriente.

    ╰┈ ─ ─ ─ ─ ─ ─ ┈╯

    #estafa #vishing #seguridaddigital #fraude #sms #consejito

  10. Vaya, parece que hoy me ha salido un "hijo" espontáneo al que se le ha ahogado el móvil.
    Qué detalle que, en medio de su tragedia tecnológica, haya tenido tiempo de memorizar mi número, conseguir otro teléfono y escribirme con esa urgencia tan enternecedora (y tan falsa).

    Lo de "mamá" ya es de nivel avanzado de ciencia ficción, sobre todo porque no recordaba haber pasado por un paritorio últimamente.
    En fin, otro que se va directo a la lista de bloqueados antes de que me pida los datos de la tarjeta para "el arroz".

    Cuidado con estos "accidentes acuáticos", que lo único que quieren limpiar es vuestra cuenta corriente.

    ╰┈ ─ ─ ─ ─ ─ ─ ┈╯

    #estafa #vishing #seguridaddigital #fraude #sms #consejito

  11. Heute ist die Polizei anwesend und warnt vor Trickbetrügern. Die Betrüger rufen gezielt ältere Menschen an und es gibt aktuell eine Häufung von Fällen in der Umgebung der Milbertshofener Straße.

    #BA11Live #Vishing #Milbertshofen

  12. 📌 𝗠𝗼𝗯𝗶𝗹𝗲 𝗠𝗼𝗻𝗲𝘆 𝗲𝘁 𝗰𝘆𝗯𝗲𝗿𝗰𝗿𝗶𝗺𝗶𝗻𝗮𝗹𝗶𝘁𝗲́ : 𝗹𝗮 𝗰𝗼𝗻𝗳𝗿𝗼𝗻𝘁𝗮𝘁𝗶𝗼𝗻 𝗲𝗻 𝗖𝗼̂𝘁𝗲 𝗱’𝗜𝘃𝗼𝗶𝗿𝗲 𝗲𝘁 𝗮𝘂 𝗦𝗮𝗵𝗲𝗹

    facebook.com/share/p/1FvnokyUv
    𝗟𝗮 𝗯𝗼𝗻𝗻𝗲 𝗶𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝗰𝗿𝗲́𝗱𝗶𝗯𝗶𝗹𝗶𝘀𝗲 𝗹𝗲 𝗺𝗲𝘀𝘀𝗮𝗴𝗲

    #VDLV #CyberSécuritéCI #MobileMoney #CIVforte #StopBrouteurs #ProtectionNumérique #AES #InclusionFinancière #Vishing #SIMSwap #FraudesDigitales

  13. So, I have a loose rule of thumb that says if a podcaster is advertising something, that thing is probably a scam. (Not all podcasters, not all products.) Most of the “identity protection services“ are exactly that. Most of them are owned by data brokers, so...?

    Anyway, I tell you that story to tell you this one: Aura has been breached, exposing almost a million records.

    gizmodo.com/the-company-paid-t

    You can check Troy Hunt’s Have I Been Pwned here to see if you’ve been caught up in any of the hundreds of data breaches recently:

    haveibeenpwned.com/Breach/Aura

    #dataBreach #infosec #ShinyHunters #vishing #TroyHunt

  14. Threat actors spam bombed inboxes, called targets pretending to be IT support, and owned nine endpoints in 11 hours. No zero days needed. Just social engineering over the phone.

    Most orgs train against phishing emails. Almost nobody trains against vishing. The phone call is the new attack vector hiding in plain sight.

    #cybersecurity #infosec #socialengineering #vishing

  15. 🚨 #ShinyHunters recruiting for vishing ops?

    A Telegram post linked to the group offers $500–$1000 per scripted call targeting helpdesks, suggesting structured social-engineering/initial access activity.
    The human layer remains a key attack surface.

    #Vishing #CTI #ThreatIntel

  16. Dutch police arrested a suspect linked to JokerOTP - a bot engineered to automate OTP harvesting and bypass SMS-based 2FA protections.

    Technique observed:
    • Automated voice phishing (vishing)
    • Fear-based social engineering
    • Real-time OTP interception
    • Credential resale & fraud enablement

    The case reinforces a persistent issue: OTP over SMS remains highly vulnerable to social engineering workflows.

    Security professionals - is it time to deprecate SMS-based MFA entirely?

    Engage in the discussion below.
    Follow @technadu for actionable threat intelligence.

    #InfoSec #MFA #TwoFactorAuthentication #Vishing #CyberCrime #ThreatIntelligence #Fraud #IdentityTheft #CyberDefense #BlueTeam #SecurityOps

  17. Dutch police arrested a suspect linked to JokerOTP - a bot engineered to automate OTP harvesting and bypass SMS-based 2FA protections.

    Technique observed:
    • Automated voice phishing (vishing)
    • Fear-based social engineering
    • Real-time OTP interception
    • Credential resale & fraud enablement

    The case reinforces a persistent issue: OTP over SMS remains highly vulnerable to social engineering workflows.

    Security professionals - is it time to deprecate SMS-based MFA entirely?

    Engage in the discussion below.
    Follow @technadu for actionable threat intelligence.

    #InfoSec #MFA #TwoFactorAuthentication #Vishing #CyberCrime #ThreatIntelligence #Fraud #IdentityTheft #CyberDefense #BlueTeam #SecurityOps

  18. Dutch police arrested a suspect linked to JokerOTP - a bot engineered to automate OTP harvesting and bypass SMS-based 2FA protections.

    Technique observed:
    • Automated voice phishing (vishing)
    • Fear-based social engineering
    • Real-time OTP interception
    • Credential resale & fraud enablement

    The case reinforces a persistent issue: OTP over SMS remains highly vulnerable to social engineering workflows.

    Security professionals - is it time to deprecate SMS-based MFA entirely?

    Engage in the discussion below.
    Follow @technadu for actionable threat intelligence.

    #InfoSec #MFA #TwoFactorAuthentication #Vishing #CyberCrime #ThreatIntelligence #Fraud #IdentityTheft #CyberDefense #BlueTeam #SecurityOps

  19. Dutch police arrested a suspect linked to JokerOTP - a bot engineered to automate OTP harvesting and bypass SMS-based 2FA protections.

    Technique observed:
    • Automated voice phishing (vishing)
    • Fear-based social engineering
    • Real-time OTP interception
    • Credential resale & fraud enablement

    The case reinforces a persistent issue: OTP over SMS remains highly vulnerable to social engineering workflows.

    Security professionals - is it time to deprecate SMS-based MFA entirely?

    Engage in the discussion below.
    Follow @technadu for actionable threat intelligence.

    #InfoSec #MFA #TwoFactorAuthentication #Vishing #CyberCrime #ThreatIntelligence #Fraud #IdentityTheft #CyberDefense #BlueTeam #SecurityOps

  20. 📰 ShinyHunters Claims Breach of Crunchbase, Betterment via Okta Vishing Attacks

    Cybercrime group ShinyHunters claims to have breached Crunchbase & Betterment by using voice phishing (vishing) to bypass Okta SSO. 📞 The attack highlights the risk of non-phishing-resistant MFA. #Vishing #ShinyHunters #Okta #CyberSecurity

    🔗 cyber.netsecops.io/articles/sh

  21. 10 deepfake’ów które zmieniły świat – zobacz nasze zestawienie

    Deepfake przestał być eksperymentem badawczym i ciekawostką z laboratoriów AI. W ciągu ostatnich kilku lat stał się narzędziem realnego wpływu: politycznego, finansowego i informacyjnego. W tym zestawieniu zobaczysz dziesięć przypadków deepfake’ów, które miały mierzalny wpływ na rzeczywistość – od mediów społecznościowych, przez procesy wyborcze, po rynki finansowe. Ranking jest ułożony...

    #Aktualności #Teksty #Ai #Deepfake #Phishing #Ranking #Scam #Vishing

    sekurak.pl/10-deepfakeow-ktore

  22. 📢⚠️ #ShinyHunters hacker group is targeting 100+ organisations with phone-based phishing and fake login pages to bypass SSO and steal credentials, researchers say.

    Read: hackread.com/shinyhunters-targ

    #Cybersecurity #SLSH #SSO #Vishing #Phishing

  23. 📢⚠️ hacker group is targeting 100+ organisations with phone-based phishing and fake login pages to bypass SSO and steal credentials, researchers say.

    Read: hackread.com/shinyhunters-targ

  24. 📢⚠️ #ShinyHunters hacker group is targeting 100+ organisations with phone-based phishing and fake login pages to bypass SSO and steal credentials, researchers say.

    Read: hackread.com/shinyhunters-targ

    #Cybersecurity #SLSH #SSO #Vishing #Phishing

  25. 📢⚠️ #ShinyHunters hacker group is targeting 100+ organisations with phone-based phishing and fake login pages to bypass SSO and steal credentials, researchers say.

    Read: hackread.com/shinyhunters-targ

    #Cybersecurity #SLSH #SSO #Vishing #Phishing

  26. 📢⚠️ #ShinyHunters hacker group is targeting 100+ organisations with phone-based phishing and fake login pages to bypass SSO and steal credentials, researchers say.

    Read: hackread.com/shinyhunters-targ

    #Cybersecurity #SLSH #SSO #Vishing #Phishing

  27. Real-time “vishing” is back with teeth: attackers call targets while walking them through a lookalike SSO login, capturing creds and pressuring MFA approvals live. Reported ShinyHunters-branded activity, with data theft and extortion already in the mix. Defense move: treat unexpected “IT/security” calls as hostile, verify out-of-band, and push phishing-resistant MFA (FIDO2/passkeys) wherever SSO is in play.

    A new wave of ‘vishing’ attacks is breaking into SSO accounts in real time
    cyberscoop.com/shinyhunters-vo

    #cybersecurity #Infosec #vishing

  28. 📰 ShinyHunters Claims Breach of Crunchbase, Betterment via Okta Vishing Attacks

    Cybercrime group ShinyHunters claims to have breached Crunchbase & Betterment by using voice phishing (vishing) to bypass Okta SSO. 📞 The attack highlights the risk of non-phishing-resistant MFA. #Vishing #ShinyHunters #Okta #CyberSecurity

    🔗 cyber.netsecops.io/articles/sh

  29. ShinyHunters has claimed responsibility for the Okta vishing campaign and alleges it leaked data from Crunchbase, SoundCloud, and Betterment after failed extortion attempts, warning more disclosures are coming.

    Live phone calls + real-time phishing pages allow attackers to control authentication flows.

    🔗 technadu.com/okta-sso-accounts

    Is phishing-resistant MFA now mandatory?

    #Okta #Vishing #IdentitySecurity #MFA #InfoSec

  30. ShinyHunters has claimed responsibility for the Okta vishing campaign and alleges it leaked data from Crunchbase, SoundCloud, and Betterment after failed extortion attempts, warning more disclosures are coming.

    Live phone calls + real-time phishing pages allow attackers to control authentication flows.

    🔗 technadu.com/okta-sso-accounts

    Is phishing-resistant MFA now mandatory?

    #Okta #Vishing #IdentitySecurity #MFA #InfoSec