Voice Phishing Kits Give Threat Actors Real-Time Control Over Attacks
KnowBe4, Thursday, February 12th, 2026
Researchers at Okta warn that a series of phishing kits have emerged that are designed to help threat actors launch sophisticated voice phishing (vishing) attacks that can bypass multifactor authentication.
'The most critical of these features are client-side scripts that allow threat actors to control the authentication flow in the browser of a targeted user in real-time while they deliver verbal instructions or respond to verbal feedback from the targeted user,' Okta says.
'It's this real-time session orchestration that delivers the plausibility required to convince the threat actor's target to approve push notifications, submit one time passcodes (OTP) or take other actions the threat actor needs to bypass MFA controls.'