Four grand. That's what it costs a random kid with a laptop to run a voice phishing operation that used to require a call center, a phisher, and a developer. ATHR packages all of it into one dashboard, tosses in AI voice agents that can ad-lib when a victim gets suspicious, and ships with ready-made lures for Google, Microsoft, Coinbase, Binance, and a few more.

CyberCrime has a SaaS model now, complete with commission splits (10% of profits back to the vendor). The barrier to running a convincing vishing campaign just collapsed, and your awareness training still says "watch for typos in the email."

🎙️ AI agents handle objections live, so the "support rep" sounds real because they are, functionally, reasoning
📧 Lure emails are customized per target with accurate IPs, dates, locations, and pass authentication checks
🏦 Eight brands supported out of the box, crypto exchanges heavily represented for obvious reasons
🛡️ Stop looking at email indicators, start modeling normal communication patterns and flag the anomalies

If your vishing defense is a 20-minute annual training video and a phish-report button, you're bringing a knife to a drone fight. The humans on the other end of the phone aren't humans anymore, and they don't get tired, rattled, or bored on calls.

https://www.bleepingcomputer.com/news/security/new-athr-vishing-platform-uses-ai-voice-agents-for-automated-attacks/

#Cybersecurity #Vishing #AI #security #privacy #cloud #infosec #cybersecurity

Voice phishing is now one of the most effective initial access methods in recent incident data.

The attack doesn't beat your technical controls. It convinces someone to bypass them.

No suspicious login. Nothing to filter. A valid credential, handed over through normal procedures.

What IS detectable: behavior after the handover. The attacker doesn't move like the legitimate user. Auth Sentry catches it.

gethumming.io/how-it-works

#ITDR #IdentitySecurity #Vishing #CyberSecurity

Here's the thing, there may be more people (if not 99% of the people) on other social networks, but at the end the day, I still need to actually *do something* with my projects or it is all just idle entertainment under the guise of not or I have no idea.

I just want to nerd out on things that are cool to nerd out on and be able to talk about it with people that get it. That is all here.

Here are all the hashtags of things I'm working on and will be posting about, what I'm interested in from others, and whatever adjacent from folks in those spheres bubble up (I want a clubhouse).

#Malware #RedTeaming #PurpleTeaming #SocialEngineering #Vishing #ReverseEngineering

Vaya, parece que hoy me ha salido un "hijo" espontáneo al que se le ha ahogado el móvil.
Qué detalle que, en medio de su tragedia tecnológica, haya tenido tiempo de memorizar mi número, conseguir otro teléfono y escribirme con esa urgencia tan enternecedora (y tan falsa).

Lo de "mamá" ya es de nivel avanzado de ciencia ficción, sobre todo porque no recordaba haber pasado por un paritorio últimamente.
En fin, otro que se va directo a la lista de bloqueados antes de que me pida los datos de la tarjeta para "el arroz".

Cuidado con estos "accidentes acuáticos", que lo único que quieren limpiar es vuestra cuenta corriente.

╰┈ ─ ─ ─ ─ ─ ─ ┈╯

#estafa #vishing #seguridaddigital #fraude #sms #consejito