A new generation of phishing threats is turning vishing into real-time orchestration, according to Okta Threat Intelligence, which has dissected a wave of custom phishing kits designed to weaponise the phone call and drive a victim’s browser session with high precision. These are described as sophisticated, as-a-service platforms that synchronise verbal deception with digital manipulation, targeting users of Google, Microsoft, Okta and cryptocurrency services.
The core innovation is real-time session orchestration, with the attacker on the phone acting as technical support while simultaneously controlling exactly what the victim sees on screen. Moussa Diallo, a threat researcher at Okta Threat Intelligence, describes how once in the “driver’s seat” the attacker can monitor credentials as they are entered and immediately adapt the phishing page to mirror MFA prompts, effectively defeating non-phishing-resistant MFA.
The report notes that push with number matching or other MFA challenges can be manipulated since the attacker guides which number the victim should press, highlighting a growing sophistication in this black‑market ecosystem. 25 January 2026.