A social engineering attack that uses phone or SMS impersonation to trick support staff or users into resetting credentials, enrolling devices, or revealing MFA codes. In identity programmes, it turns operational support into an authentication path and bypasses controls that assume requests are legitimate because they sound legitimate.
#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.