Call 0121 289 4477
Solutions4IT Logo
Money Back Guarantee
6 Month Trial Period
Plain English IT Support
No jargon, no tricky words
Trustworthy & Reliable
4.9* Google Reviews
Happy clients
99% Customer Satisfaction

ATHR- Newly Discovered Vishing Toolkit That Uses AI

Another AI toolkit for cyber criminals has entered the ring! This time, it’s a platform called ATHR. The toolkit combines AI voice agents with optional human operators to trick people into handing over sensitive information. It’s currently being sold on underground forums for around $4,000, plus a 10% cut of whatever gets stolen. Let’s cover how the attack works and what businesses can do to mitigate their chances of falling victim to it.

 

How The ATHR Attack Works

The process is pretty slick, in a worrying kind of way:

  1. You receive an email
    Usually,y a fake security alert or account warning. Urgent enough to panic you, vague enough to avoid filters.
  2. You call the number
    That’s when things go downhill.
  3. AI takes over
    The call is routed through systems like Asterisk and WebRTC, where an AI voice agent pretends to be support staff.
  4. You get “helped” into being hacked.
    The AI walks you through a fake recovery process, eventually asking for a verification code.
  5. Game over
    That six-digit code gives attackers access to your account.

For platforms like Google, the AI even mimics real account recovery steps, which makes it far more convincing than your average scam call.

Why This Is a Bigger Problem Than Usual

The scary part isn’t just the AI voice. It’s how easy this makes things for attackers.

ATHR provides a full dashboard where criminals can:

  • Launch phishing emails
  • Manage calls
  • Monitor results in real time
  • Collect stolen data

That’s a massive shift from older scams that required multiple tools, infrastructure, and a lot more room for human error.

Why These Attacks Are Harder to Spot

Traditional phishing detection is starting to struggle here because:

  • Emails look legitimate and pass authentication checks
  • Messages are customised per target
  • The real attack happens over the phone, not in the email

So even if your email security is solid, that doesn’t mean you’re safe once someone picks up the phone.

How Businesses Can Defend Themselves

Unfortunately, there’s no magic fix, but there are smarter ways to detect this attack:

  • Monitor communication patterns, not just email content
  • Look for multiple users receiving similar messages with phone numbers
  • Use AI-driven tools to detect unusual behaviour across the organisation

Takeaways

Platforms like ATHR are turning complex attacks into plug-and-play tools, which means more attackers, more scams, and a much higher chance someone eventually falls for it.

Similarly to how checking for bad grammar and spelling in phishing emails is not as effective anymore, the cyber security battle is always advancing; for both sides.

We hope you enjoyed this blog! Stay tuned for more cyber security articles like this one, as well as the many other topics we cover. Stay safe!

Credit: Information sourced from Bleeping Computer

Request your FREE IT Audit button

Recent Posts

Solutions4IT Logo Main
Forge House,
Mucklow Hill,
Halesowen,
West Midlands
B62 8DN
0121 289 4477
ISO 27001 UKAS logo
Services
Branches
Social
© Copyright Solutions 4 IT Ltd 2026. All Rights Reserved. Terms & Conditions Privacy Policy