Recent threat intelligence shows that advanced phishing kits are now tailored to support voice-based social engineering (vishing),dramatically increasing the effectiveness of mobile phishing campaigns. These kits allow attackers to control phishing pages in real time, updating content to match what the caller instructs during a live call, including prompting for credentials and multi-factor authentication (MFA) codes entered on mobile browsers. This real-time synchronization makes fraudulent prompts look legitimate to mobile users and can bypass non-phishing-resistant MFA methods. As attackers blend voice and web phishing, mobile users face heightened credential theft risks.
Read the full report here.
