ALERT: New “Pink” Extortion Group Targeting Businesses with Fake IT Support Calls

Jun, Tue, 2026
nathan
Industry News , IT Nightmare , Mailing List

Threat intelligence courtesy of KnowBe4

KnowBe4’s threat research team has identified a new extortion campaign targeting businesses. A group calling themselves “Pink” is using voice phishing (vishing) to impersonate internal IT staff and breach organizational networks.

How the Attack Works:
According to KnowBe4’s research, the threat actor leverages vishing for initial access, impersonating internal IT personnel to convince users to input credentials into phishing sites, allowing the actor to gain access to the victim’s account and MFA.

Once inside:
– They rapidly identify and exfiltrate data from platforms like SharePoint and OneDrive
– Use compromised accounts to send extortion emails and internal Teams messages
– Reuse second-level domains to target multiple organizations

Why It Works:
These calls exploit trust. The attacker knows enough to sound legitimate — sometimes referencing real IT issues or using urgency.

What You Can Do:

For Employees:
– Hang up and verify. If someone calls claiming to be IT, end the call and dial your actual IT provider directly using a known number.
– Never provide MFA codes over the phone — legitimate IT will never ask for these.
– Be suspicious of urgency. Real security issues don’t expire in 10 minutes.

For Management:
– Brief your team on this specific threat
– Verify your MFA is properly configured and enforced on all remote access
– Review who has access to sensitive SharePoint/OneDrive data

About KnowBe4
KnowBe4 provides security awareness training and simulated phishing platforms used by over 70,000 organizations worldwide. Their threat intelligence helps businesses stay ahead of evolving social engineering attacks.

Read the full KnowBe4 report: https://blog.knowbe4.com/new-pink-extortion-group-vishing-it-support-scams

Need IT Support for your Home or Business? We’d love to help!

Are you a small to medium sized business looking to leverage technology and enable your business and workforce to work smarter and more efficiently? Do you already have computers, servers, firewalls, VPNs or other technology that you’re not taking full advantage of? Are you looking for an IT Service Provider who understands small to medium sized businesses needs and the challenges that we face that can work with you to grow your business rather than just sell you time?

Cyber Tech Cafe is an IT Service Company with a focus on helping small to medium business get the most out of their technology investment. As a small business ourselves, we understand the challenges you face and have designed our service offerings to help you get the most out of your technology dollar. We offer on-call, as needed support if you just need a quick fix or extra set of hands right now. We also offer maintenance plans that we call “MyIT” that are designed to address the most common concerns (patch management, disaster recovery / backup, log review, etc.) that are based on the number of workstations and servers that you have and have no term contract. We believe that, if you find value in what we’re doing, you’ll find a way to keep us around without a contract saying that you have to.

If you have questions about the MyIT plans or have an IT need that you need addressed right now, let us know. We look forward to the opportunity to earn your business.