BlackFile widens voice phishing pressure
BlackFile, a financially motivated hacking group, is targeting retail and hospitality companies with voice phishing attacks, using spoofed caller identities and fake helpdesk scripts to steal credentials and force ransom negotiations. The group has been linked to attacks since January 2026 and has been using various tactics to bypass multi-factor authentication controls and steal sensitive data.
BlackFile, a financially motivated hacking group, is widening its extortion campaign against retail and hospitality companies. The group uses voice calls, fake helpdesk scripts, and spoofed caller identities to steal credentials and force ransom negotiations. Attackers pose as corporate IT support, directing targets to phishing pages designed to resemble company single sign-on portals. Once inside an account, they register their own devices to bypass multi-factor authentication controls and move towards higher-value accounts. BlackFile has been linked to attacks since January 2026 and is associated with The Com, a loose English-speaking cybercrime ecosystem. The group has maintained a data-leak site to publish stolen material from organisations that do not engage or fail to meet its demands, with ransom demands typically reaching seven figures.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.