ATHR Vishing-as-a-Service: AI Voice Scams Go Plug and Play
ATHR is a new $4,000 vishing-as-a-service platform using AI voice agents to automate phone scams at scale. Learn how it works and how to defend your team.
Cybercrime Just Got a SaaS Business Model Security researchers have uncovered a new criminal toolkit that packages every stage of a voice phishing attack into a single, browser-based platform. Known as ATHR, the service combines AI-generated phone calls, phishing emails, credential harvesting pages, and a live campaign dashboard into what amounts to vishing-as-a-service. The platform is being sold on cybercrime forums for $4,000 upfront plus 10% of any profits generated, according to researchers at Abnormal Security who analyzed the kit in detail. For that price, a single operator can run large-scale phone scams against customers of Google, Microsoft, Coinbase, Binance, Yahoo, AOL, and other widely used services, all from a browser tab. This is the moment social engineering stopped being a skilled craft and started becoming scalable infrastructure. And for defenders, it changes the threat model in ways that email filters alone cannot address. How ATHR Works: The TOAD Attack Chain ATHR is built around a technique called telephone-oriented attack delivery, or TOAD. Unlike traditional phishing, which relies on malicious links or infected attachments, TOAD attacks flip the model on its