That unexpected call from your bank’s fraud department might not be what it seems. Voice phishing – or “vishing”—has made a dramatic comeback, with attacks skyrocketing 442% in 2024 alone.
Why the sudden resurgence? Cybercriminals are adapting to our growing skepticism of suspicious emails and text messages by returning to an old-school approach with new technological twists.
Today’s vishers don’t just cold-call thousands of people hoping to get lucky. They’re using sophisticated social engineering combined with AI voice technologies to create targeted, convincing attacks.
A typical attack starts with basic research on LinkedIn or social media. The scammer gathers just enough details about you and your company to sound legitimate. Then they call, often spoofing the phone number of your bank, IT department, or another trusted organization.
“These aren’t the awkward scam calls from years ago,” says cybersecurity analyst Mira Patel. “Today’s vishers sound professional, have done their homework, and create genuine urgency that bypasses our usual skepticism.”
Several factors explain this frightening trend:
Voice creates immediate trust. Humans naturally trust voice conversations more than text-based communication, making us vulnerable when someone sounds confident and knowledgeable.
AI-generated voices have improved dramatically. Scammers can now clone voices with just a small audio sample, creating convincing impersonations of executives or IT staff.
Remote work has changed verification processes. With employees scattered geographically, many organizations have looser verification procedures, making it harder to confirm identities.
Phone spoofing technology has become more accessible. Anyone can make their call appear to come from legitimate numbers, including your company’s actual helpdesk.
Financial losses from vishing attacks doubled in the past year, with the average corporate victim losing $123,000 per successful attack. Small businesses have been hit particularly hard, as they often lack robust security awareness training.
One manufacturing company lost $1.8 million after an accounts payable employee received a convincing call from someone posing as their CEO, requesting an urgent wire transfer to “secure a time-sensitive acquisition opportunity.”
Never trust caller ID alone. Phone numbers can be easily spoofed.
Establish verification protocols. Create codewords or callback procedures for sensitive requests.
Take your time. Legitimate organizations won’t rush you into making immediate decisions.
Use multi-factor verification for financial transactions. Insist on email confirmation or dedicated app approval for any money movement.
When in doubt, hang up and call back. Use the official number from your bank card or company directory, not the number that called you.
Question unexpected calls. Real financial institutions rarely call about “suspicious activity” without first flagging transactions in their systems.
Security experts predict vishing attempts will continue to increase throughout 2025 as AI voice technology becomes even more convincing and accessible. Organizations are scrambling to implement voice authentication systems and employee training programs to combat this growing threat.
“The human element remains our biggest vulnerability and strongest defense,” notes security researcher Thomas Chen. “No technology solution will completely eliminate vishing. Awareness and healthy skepticism are still our best protection.”
By staying alert to this resurgent threat and following basic security practices, you can significantly reduce your risk of becoming the next vishing victim in what’s shaping up to be the year of voice-based scams.
SOURCES
securitymagazine
