For $4,000 and a cut of the take, a lone criminal can now run a fully automated voice-phishing operation via ATHR, a plaform that spoofs emails alerts from Google, Microsoft, and Coinbase, buries a phone number in each message, and when the victim calls back, hands them off to either a human scammer or an AI voice agent.
ATHR for sale
AI is becoming part of everyday criminal workflows, and fueling the rise in cyber fraud.
ATHR is a platform that provides phishers with everything they need to trick users into sharing account credentials and verification codes.
ATHR’s dashboard (Source: Abnormal AI)
“The platform ships with a built-in mailer and brand-specific email templates designed to pass casual inspection and, in many cases, technical authentication checks. The lure is typically a fake security alert or account notification—something urgent enough to prompt a phone call but generic enough to avoid triggering content-based filters,” Abnormal AI security researchers explained.
The phishing emails don’t contain links or attachments, just a phone number that victims are supposed to call to make sure their account remains safe.
Those that do are routed by ATHR’s telephony layer to either a human operator or an AI agent.
“Each agent follows a structured, multi-step script that walks the target through a fabricated security scenario: verifying the callback, describing suspicious account activity, confirming an unrecognized phone number, initiating a fake recovery process, and ultimately extracting a six-digit verification code,” the researchers added.
The operator of the ATHR platform can monitor active calls. Victims can be redirected to specific panel pages, so that the phishing flow is synchronized with the ongoing conversation.
According to Abnormal AI, the platform currently includes pre-built credential harvesting panels for Google, Microsoft, Coinbase, Binance, Gemini, Crypto.com, Yahoo, and AOL. It’s sold via cybercrime networks for $4,000 plus 10% of the phishers’ profits.
What sets ATHR apart from similar tools
Earlier callback phishing platforms still depended on human callers, but ATHR removes that bottleneck entirely. The AI agents run on a custom text-to-speech engine, and handle live calls autonomously.
Also, the entire operation flows through one browser-based interface and the operator doesn’t have to leave the dashboard or switch between tools.
The platform allows operators to tweak the spoofed security notices (lures) sent out to potential victims, to make them more believable. “A recipient who sees their approximate location, a recent timestamp, and a plausible IP address is far more likely to believe the alert is real and call the number provided,” the researchers pointed out.
ATHR also allows the operator to see whether the lures are successful, and adjust them if they aren’t.
“The shift from a fragmented, manually intensive operation to a productized, largely automated one means [telephone-oriented attack delivery] attacks no longer require large teams or specialized infrastructure. As platforms like ATHR emerge on cybercrime networks, these attacks are likely to become more frequent and more difficult to distinguish from legitimate communications,” the researchers concluded.
Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!
Click Here For The Original Source.
