Okta: Vishing-Focused Phishing Kits Discovered

by Priyanka Patel

SAN FRANCISCO, January 23, 2026 16:50:00

Phishing Kits Now Tailored for Voice-Based Scams

Attackers are leveling up their tactics, creating specialized phishing kits designed to support “vishing” – voice phishing – attacks.

  • Elegant phishing kits are being built specifically to aid vishing calls.
  • These kits can intercept user credentials during real-time conversations.
  • Attackers use intercepted data to convincingly request MFA approval from victims.
  • Okta recently uncovered these custom-built kits, highlighting a growing threat.

The digital world just got a little more perilous. Cybercriminals are now deploying custom phishing kits designed to work hand-in-hand with vishing, or voice phishing, attacks. This means scammers aren’t just sending deceptive emails anymore; they’re actively using stolen information to manipulate people over the phone, making their cons far more believable.

How Vishing Kits Work

These aren’t your grandfather’s phishing schemes. The newly discovered kits are engineered to intercept user credentials while simultaneously providing attackers with real-time context. This allows them to convincingly pose as legitimate support personnel and guide victims through approving multi-factor authentication (MFA) challenges during phone calls. Essentially, they have the answers *before* you even realize you’re being asked a question.

Pro tip – Always hang up if a caller pressures you for immediate information or verification codes. Legitimate organizations will not rush you.

Okta recently detailed the discovery of these specialized kits, noting their ability to provide attackers with the information needed to bypass security measures. The kits aren’t just collecting usernames and passwords; they’re gathering the details necessary to impersonate trusted entities and exploit the human element of security.

The MFA Challenge

Multi-factor authentication is often touted as a strong defence against account takeovers. However, these new kits undermine that protection by enabling attackers to intercept the codes sent to users during the authentication process. By having the context of the ongoing phone call, they can convincingly request the code and gain access to the account.

What is the biggest risk with these new phishing kits? These kits allow attackers to bypass multi-factor authentication by intercepting credentials and using real-time context during vishing calls.

Protecting Yourself from Vishing

Staying vigilant is key. Be wary of unsolicited phone calls, especially those requesting personal information or urging immediate action. Always verify the caller’s identity through official channels before sharing any sensitive data. Remember, legitimate organizations will not ask for sensitive information over the phone.

Reader question – Have you ever received a suspicious phone call claiming to be from a trusted company? What did you do?
