Custom voice-phishing kits sold on dark web forums and messaging platforms provide real-time, phone-assisted tools that help criminals intercept credentials and multi-factor authentication codes for Google, Microsoft, and Okta accounts. These โimpersonation-as-a-serviceโ offerings mimic authentication flows, forward harvested credentials (often via Telegram), recruit native-English callers for helpdesk scams, and have enabled large-scale intrusions such as Salesforce data theft. #Okta #Google #Microsoft #Salesforce #Telegram #ScatteredSpider
Keypoints
- Phishing kits are sold as a service on dark web forums and messaging platforms and include real-time attacker assistance.
- The kits closely mimic identity provider authentication flows and can update phishing pages live during an attack.
- Attackers perform open-source reconnaissance and use spoofed helpdesk calls to drive victims to realistic phishing sites.
- Harvested credentials and MFA responses are forwarded (commonly via Telegram) and used immediately to compromise accounts.
- These tools have supported Scattered Spider-like support-call scams and enabled large-scale breaches of services like Salesforce.
Read More: https://www.theregister.com/2026/01/22/crims_sell_voice_phishing_kits/