Voice Phishing Okta Customers: ShinyHunters Claims Credit

Okta Alerts Customers' CISOs to Malicious Campaigns Seeking Single Sign-On Access Mathew J. Schwartz (euroinfosec) • January 23, 2026

Criminals are wielding advanced voice-phishing toolkits designed to streamline social engineering attacks in real-time.

See Also: Proof of Concept: Automating Security Safely With Agentic AI

Often bought on a subscription basis from cybercrime service providers, the toolkits facilitate real-time social engineering of a target, typically to trick the victim into sharing a one-time password, or approving a multifactor authentication check, says a report from Okta, which recently warned customers over vishing attacks bypassing identity checks.

In a private alert Okta sent directly to customers' CISOs on Monday - first reported by BleepingComputer - Okta said attackers come forearmed with knowledge including which identity verification apps targets use and the target company's IT support helpdesk phone number.

Okta confirmed the alert in an email. "Keeping customers secure is our top ...