Researchers found phishing-as-a-service toolkits engineered for voice-based social engineering ("vishing") that synchronize fake login pages with live phone calls to defeat multifactor authentication. The kits target providers like Google, Microsoft and Okta, use real-time orchestration and Telegram for credential theft, and only phishing-resistant methods such as FIDO passkeys can reliably stop these attacks. #Okta #Google #Microsoft #FIDO #Telegram
Keypoints
- Toolkits synchronize phishing pages with live calls to manipulate victims during authentication.
- Attackers spoof support numbers and coach victims to approve push notifications or enter one-time codes.
- Kits target identity providers and cryptocurrency platforms including Google, Microsoft and Okta.
- Attackers use command-and-control panels to update pages in real time and receive credentials via Telegram.
- Only phishing-resistant methods like FIDO passkeys and allowlisting legitimate network origins can effectively defend against these attacks.
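
Why a passkey login holds up where a one-time code does not, shown from the relying party's side. This is an added example, not code from the article or from any vendor; the origins, challenge and function names are constructed, and signature verification is left out to keep the focus on origin binding.

```javascript
// Added illustration: a relying party's check of WebAuthn clientDataJSON.
// All origins and the challenge are constructed sample values.
const EXPECTED_ORIGIN = "https://login.example.com";
const SAMPLE_CHALLENGE = "c2FtcGxlLWNoYWxsZW5nZQ"; // base64url, constructed

const toB64url = (s) => Buffer.from(s, "utf8").toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fromB64url = (s) =>
  Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8");

// Stand-in for the browser: it writes `origin` itself, from the page the
// user is really on. Neither the page's script nor a caller can choose it.
function browserClientData(pageOrigin, challenge) {
  return toB64url(JSON.stringify(
    { type: "webauthn.get", challenge, origin: pageOrigin, crossOrigin: false }));
}

// Server side. A real verifier also checks the authenticator's signature,
// which covers a hash of clientDataJSON, so these fields cannot be edited
// in transit without invalidating the assertion.
function verifyClientData(clientDataB64, expectedChallenge) {
  let data;
  try {
    data = JSON.parse(fromB64url(clientDataB64));
  } catch {
    return { ok: false, reason: "malformed clientDataJSON" };
  }
  if (data.type !== "webauthn.get")
    return { ok: false, reason: "wrong ceremony type" };
  if (data.challenge !== expectedChallenge)
    return { ok: false, reason: "challenge mismatch" };
  if (data.origin !== EXPECTED_ORIGIN)
    return { ok: false, reason: `origin mismatch: ${data.origin}` };
  return { ok: true, reason: "ok" };
}

// Contrast: a one-time code carries no record of where it was typed, so the
// server cannot tell a code entered on a look-alike page from a genuine one.
function verifyOtp(submitted, expected) {
  return { ok: submitted === expected };
}

const genuine = browserClientData(EXPECTED_ORIGIN, SAMPLE_CHALLENGE);
const lookalike = browserClientData("https://login-example.com.support.test", SAMPLE_CHALLENGE);
console.log(verifyClientData(genuine, SAMPLE_CHALLENGE));
console.log(verifyClientData(lookalike, SAMPLE_CHALLENGE));
console.log(verifyOtp("123456", "123456"));
```

In a real browser the authenticator would also decline to offer a credential on a domain that does not match the registered relying party, so the server-side origin check is the second of two barriers.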
Read More: https://thecyberexpress.com/phishing-toolkits-to-defeat-mfa/