Helpdesk Squeeze: BlackFile and the Vishing Revival

John Z Black Apr 27, 2026 Threat Intelligence #vishing #social-engineering #ransomware #retail #mfa-bypass

Someone picks up the phone. "IT support, how can I help you?" That is where the breach starts.

BlackFile, a new group tracked as "Cordial Spider," is skipping the high-tech exploits and going straight for the human perimeter. They call employee helpdesks in retail and hospitality, impersonate staff, and walk people through installing malware disguised as a security fix. It is simple, it is polite, and it is bypassing MFA everywhere.

The group is currently demanding seven-figure ransoms. While companies have spent millions hardening firewalls, BlackFile has realized that a friendly phone call to a tired frontline employee is still the cheapest way into a network.

MFA is a door, not a wall. If someone “calls from IT” to walk you through a fix, the door is already opening.

Find out the specific verification rituals your helpdesk needs to use to shut down vishing attacks.