Skip to main content
    Voice Scammers Are Now Stealing Your Work App Access. Here's What to Do
    Cybersecurity
    Important
    4 min read

    Voice Scammers Are Now Stealing Your Work App Access. Here's What to Do

    A major hacking group is calling employees and tricking them into handing over access to work accounts. Microsoft says it's already targeting companies worldwide.

    Source

    GetCyberRight Intelligence

    Original headline: ShinyHunters OAuth Vishing Campaign

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Monday, July 13, 20264 min read
    Share:

    What Just Happened

    Microsoft has confirmed that ShinyHunters, a notorious hacking group, is calling employees and pretending to be IT support to steal access to work applications. They're specifically after OAuth tokens, which are digital keys that keep you logged into apps like Microsoft 365, Google Workspace, Slack, and other business tools. This isn't a random attack. It's a coordinated campaign targeting professionals across multiple industries.

    The Details

    Here's how these criminals operate. They call you at work, claiming to be from your IT department or the company that provides your work software. They sound professional and often have real details about your company to seem legitimate. Then they create urgency, saying there's a security issue or your account will be locked. Their goal is to trick you into approving a login request or sharing a code from your authenticator app.

    What makes this attack particularly dangerous is what they're stealing. OAuth tokens are different from passwords. They're the invisible keys that keep you logged into your work apps even after you've entered your password. Once criminals have these tokens, they can access your accounts without needing your password at all. They bypass your two-factor authentication entirely because the system thinks they're already you.

    The voice element makes this scam more convincing than typical phishing emails. People naturally trust phone calls more than suspicious emails. The scammers exploit this trust, combining social pressure with technical-sounding language to make you act before thinking.

    Who Is Affected

    This campaign primarily targets professionals who use cloud-based work applications. If you log into Microsoft 365, Google Workspace, Salesforce, or similar tools for your job, you're a potential target. Remote workers are especially vulnerable because they're already accustomed to IT support happening over the phone rather than in person.

    Small and medium-sized businesses face heightened risk. These organizations often lack dedicated security teams to warn employees about emerging threats. ShinyHunters knows this and specifically targets companies where security awareness might be lower.

    What You Should Do Right Now

    1. Establish a verification rule: Never approve login requests or share codes during unexpected calls. Tell the caller you'll contact IT directly using a number from your company directory, then hang up and do exactly that.

    Stay one step ahead of scammers

    Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.

  1. Review your active sessions: Go into your Microsoft 365, Google, Slack, and other work app settings. Look for active sessions or devices you don't recognize. Sign out of everything except your current device.

  2. Enable security notifications: Turn on alerts in your work accounts that notify you whenever someone logs in from a new device or location. This gives you early warning of unauthorized access.

  3. Talk to your IT department: Ask them to send a company-wide message about this threat. Request clear instructions on how legitimate IT support will contact employees and what they'll never ask for over the phone.

  4. Check your authentication app: If you use an authenticator app for work, review the accounts connected to it. Remove any you don't recognize or no longer use.

  5. The Bigger Picture

    This campaign represents a troubling evolution in cybercrime. Criminals are moving beyond automated phishing emails to personalized phone calls that exploit human psychology. As companies adopt more cloud services and remote work becomes permanent, these voice-based attacks will only increase. Staying informed about new tactics isn't optional anymore. It's essential for protecting your livelihood and your employer's data.

    How GetCyberRight Can Help

    Our GCR Scam Guard tool helps you verify suspicious login requests before you respond to them. When you receive an unexpected call or message asking you to approve a login, Scam Guard can help you identify red flags and walk you through proper verification steps. It's designed to give you confidence in the moment, when pressure tactics work best against us. Think of it as having a cybersecurity expert looking over your shoulder during those critical few seconds when scammers try to rush you into a mistake.

    Protect Yourself

    Use our GCR Scam Guard to check if you're affected and take action.

    Found this useful?

    Share it with someone who could use a heads-up.

    Share:

    Curated from trusted cybersecurity sources by GetCyberRight

    Source: GetCyberRight Intelligence

    Discussion

    0

    Sign in to join the discussion.

    Stay ahead of cyber threats

    Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.