Phishing Kits Adapt To The Script Of Callers
Okta, Thursday, January 22nd, 2026
Okta Threat Intelligence has detected and dissected multiple custom phishing kits that have evolved to meet the specific needs of voice-based social engineers ('callers') in vishing campaigns.
These custom kits are made available on an as-a-service basis and are increasingly used by a growing number of intrusion actors targeting Google, Microsoft, Okta and a range of cryptocurrency providers.
The kits are capable of intercepting the credentials of targeted users, while also presenting the supporting context required to convince users to approve MFA challenges, or to take other actions in the interests of the attacker on the phone. They can be adapted on the fly by callers to control what pages are presented in the user's browser, in order to sync with the caller's script and whatever legitimate MFA challenges the caller is presented with as they attempt to sign-in.