Introduction
When people think of cyberattacks, they often picture malware, phishing emails, or ransomware. Sometimes, though, attackers don’t need code to compromise an organization; they just need a convincing voice.
Voice phishing, or vishing, has been skyrocketing in the past two years, with a 170% rise in deepfake vishing in the latter half of 2025.
AI clones real voice audio to create a “deepfake,” which is a very good copy of someone’s speech patterns. Attackers are increasingly using these AI‑generated voices to make scam calls eerily convincing. Synthetic voices can impersonate your colleagues, managers, or IT staff with chilling accuracy.
Why Vishing Works
Unlike email phishing, vishing exploits tone, trust, and urgency. Attackers often pose as technology support staff, calling under the guise of “resolving” digital issues or reconnecting services. Once they establish rapport, they can bypass your MFA, trick people into granting access, or reset user credentials. All of this gives them full control over your sensitive accounts.
Traditional defenses like spam filters don’t work here, because they’re convincing you to give them legitimate access. Now that AI can make voices indistinguishable from the real thing, the human factor becomes the weakest link.
Case Study: Salesforce Social Engineering
In early 2025, a major breach reminded us about the power of vishing.
A wave of social‑engineering attacks targeted companies through their Salesforce environments. Threat actors used vishing (voice phishing) to impersonate a help‑desk to trick employees into approving malicious OAuth apps. That gave attackers full API‑level access to sensitive CRM data.
Employees thought they were reconnecting with IT support — but in reality, they handed over the keys to the company’s network.
Protecting Yourself from Vishing
When you get a call that begs you to take immediate action, then is the perfect time to slow down and reassess the situation. Because of spoofing technology, cybercriminals can “clone” their phone number so it appears to come from a trusted number. Always validate who you’re speaking to and confirm through a trusted internal channel, not caller ID.
This is also why you should rely on trusted, encrypted channels instead of insecure methods of communication. Legitimate authorities, organizations and government agencies (like the IRS) will
Conclusion
Calls exploit psychology in ways that email can’t. When we understand how vishing works and what red flags to look out for, we become better prepared to question and stop a voice phishing call in its tracks.
As AI makes voices harder to distinguish, everybody must adapt. The next frontier of cybersecurity isn’t just about firewalls and filters; it’s about teaching people to question the voice on the other end of the line.
The post Vishing Scams Are On the Rise appeared first on Cybersafe.
