What changed in vishing between 2023 and 2026?
Three technological developments significantly changed the cost, scale, and effectiveness of vishing attacks.
- AI voice-cloning systems now require only 3 seconds of audio to reproduce a specific person’s voice with up to 85% accuracy.
- Large language models (LLMs) can manage real-time conversations with contextual awareness. They can respond to objections, follow-up questions, and resistance during a call.
- Integration with VoIP infrastructure allows a single operator to manage thousands of simultaneous calls. Each call can be personalized using data collected from publicly available or scraped sources.
According to research studies and industry reports [1, 2], the number of attacks involving AI vishing and voice deepfake technologies increased sharply in 2024–2025. Attackers are increasingly using voice cloning, LLM-driven conversation scenarios, and personalized attacks targeting banks and insurance companies.
Why are finance and treasury teams primary targets?
Finance personnel are responsible for authorizing money transfers. That is the simplest explanation.
The broader reason is more complex. Finance and treasury teams often work under significant time pressure. They regularly receive urgent requests from executives. Voice confirmation is also commonly used as a standard security control. Each of these conditions can be exploited by attackers.
The Scattered Spider group demonstrated this approach by targeting help desks at major insurance companies in the United States. The attackers used manual voice phishing to reset MFA credentials and gain network access.
| Target Role | Why Attackers Select Them | Typical AI Vishing Scenario |
| --- | --- | --- |
| CFO / Finance Director | Authority to approve wire transfers | Cloned CEO voice requesting an urgent transfer |
| Treasury Analyst | Responsible for executing transfers | Attacker impersonates the CFO and references an active deal |
| Executive Assistant | Controls access to executives and is trusted in voice communications | Attacker impersonates an executive to reroute calls or influence approvals |
| Accounts Payable | Handles vendor payment modifications | Attacker impersonates a vendor requesting updated banking details |
| IT Help Desk | Authority to reset MFA credentials | Attacker impersonates an employee requesting a credential reset |
How does AI vishing differ from traditional vishing?
| Dimension | Traditional Vishing | AI Vishing |
| --- | --- | --- |
| Voice | Attacker’s real voice or an unconvincing impersonation | Cloned voice generated from 3 seconds of voice samples |
| Scale | One call at a time | Thousands of simultaneous calls |
| Personalization | Generic scripts with limited flexibility during questioning | LLM-generated conversations that adapt in real time using contextual data |
| Cost per target | High | Minimal |
| Language barriers | Noticeable accents and cultural context mistakes | Fluent and grammatically correct speech in multiple languages |
| Detection difficulty | Moderate — traditional warning signs are usually present | High — many traditional warning signs are absent |
Traditional warning signs such as unnatural accents, incorrect names, or rigid speech patterns have become far less reliable. Defensive strategies now require different indicators and verification methods.
Which controls are effective against AI vishing?
Procedural control: out-of-band callbacks
Out-of-band callbacks remain one of the most effective defensive controls. Any voice request involving money transfers, credential resets, or access modifications should trigger a callback to a pre-registered number. Attackers may be able to clone a voice, but they cannot reliably intercept and answer a verification callback. This control functions as the voice-based equivalent of a hardware security key.
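The callback rule above, written out as a decision function. This is an added illustration, not Arsen's code; the directory entries, request types and numbers are constructed placeholders. The point it makes explicit is that a callback only counts when it goes to the number already on file, never to a number the caller offers during the call.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed pre-registered callback directory (placeholder numbers, not real ones).
DIRECTORY = {
    "cfo": "+33-SAMPLE-0001",
    "vendor:ACME-SUPPLIES": "+49-SAMPLE-0002",
}
# Request types that must trigger a callback before anyone acts on them.
CALLBACK_REQUIRED = {"wire_transfer", "credential_reset", "access_change"}


@dataclass
class VoiceRequest:
    claimed_identity: str                 # who the caller says they are
    request_type: str
    number_offered: Optional[str] = None  # number the caller asked to be reached on; never trusted


@dataclass
class Callback:
    dialed: str       # the number the verifier actually dialed
    confirmed: bool   # the person reached confirmed the request


def decide(req: VoiceRequest, callback: Optional[Callback]) -> Tuple[bool, str]:
    """Approve only when the request was confirmed on a callback to the number on file."""
    if req.request_type not in CALLBACK_REQUIRED:
        return True, "callback not required for this request type"
    on_file = DIRECTORY.get(req.claimed_identity)
    if on_file is None:
        return False, "no pre-registered number for claimed identity; escalate"
    if callback is None:
        return False, "callback to number on file required before acting"
    if callback.dialed != on_file:
        # The failure mode to avoid: calling back the number supplied during the call.
        return False, "callback went to a number not on file; verification void"
    if not callback.confirmed:
        return False, "request not confirmed on callback"
    return True, "confirmed out of band"


if __name__ == "__main__":
    req = VoiceRequest("cfo", "wire_transfer", number_offered="+1-SAMPLE-9999")
    print(decide(req, Callback(dialed="+1-SAMPLE-9999", confirmed=True)))
    print(decide(req, Callback(dialed="+33-SAMPLE-0001", confirmed=True)))
```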
Training control: realistic vishing simulations
Personnel who have already encountered cloned voices in controlled simulations tend to recognize real attacks faster. Arsen conducts vishing simulations designed to replicate real attacker techniques. These simulations include voice cloning and LLM-driven conversations. The goal is to help finance teams develop recognition and response habits before a real attack occurs.
Detection control: transaction anomaly monitoring
Behavior-based monitoring of outbound transactions can provide an additional layer of protection, even if human verification processes fail. Detection mechanisms should identify anomalies such as:
- unusual recipients;
- abnormal transaction amounts;
- unusual transaction timing.
Additional protection can include mandatory delay periods for transfers that exceed defined thresholds.
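The three anomaly classes above plus the mandatory delay, applied to a single outbound transfer. This is an added example and not Arsen's tooling; the transfer history, vendor names and IBANs are constructed, and the 3x-median amount rule and the 08:00–18:00 working-hours window are assumptions. The €50K threshold is the one from the 30-day plan on this page. It also flags a known vendor paid to a changed IBAN, which is the accounts-payable scenario from the target table.

```python
from datetime import datetime
from statistics import median

# Constructed sample of past outbound transfers for one paying entity (not real data).
HISTORY = [
    {"vendor": "ACME-SUPPLIES",   "iban": "DE00-SAMPLE-0001", "amount": 12000.0, "ts": "2025-03-03T10:15:00"},
    {"vendor": "ACME-SUPPLIES",   "iban": "DE00-SAMPLE-0001", "amount": 11500.0, "ts": "2025-04-02T09:40:00"},
    {"vendor": "NORTH-LOGISTICS", "iban": "FR00-SAMPLE-0002", "amount": 8000.0,  "ts": "2025-04-10T14:05:00"},
    {"vendor": "ACME-SUPPLIES",   "iban": "DE00-SAMPLE-0001", "amount": 12400.0, "ts": "2025-05-05T10:02:00"},
]

HOLD_THRESHOLD_EUR = 50_000.0   # the page's €50K threshold, used here for the mandatory delay
AMOUNT_MULTIPLIER = 3.0         # assumption: above 3x the historical median counts as abnormal
BUSINESS_HOURS = (8, 18)        # assumption: local working hours, Monday to Friday


def assess_transfer(transfer, history=HISTORY):
    """Return anomaly flags and a hold/release decision for one outbound transfer."""
    flags = []
    known = {}  # vendor -> set of IBANs previously paid
    for h in history:
        known.setdefault(h["vendor"], set()).add(h["iban"])
    if transfer["vendor"] not in known:
        flags.append("new_recipient")
    elif transfer["iban"] not in known[transfer["vendor"]]:
        flags.append("changed_bank_details")  # known vendor, new account: the AP scenario
    amounts = [h["amount"] for h in history]
    if amounts and transfer["amount"] > AMOUNT_MULTIPLIER * median(amounts):
        flags.append("abnormal_amount")
    ts = datetime.fromisoformat(transfer["ts"])
    if ts.weekday() >= 5 or not (BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1]):
        flags.append("unusual_timing")
    if transfer["amount"] > HOLD_THRESHOLD_EUR:
        flags.append("mandatory_delay")  # above-threshold transfers always wait for review
    # Any flag blocks automatic release, regardless of what was said on the phone.
    return {"flags": flags, "action": "hold" if flags else "release"}


if __name__ == "__main__":
    urgent = {"vendor": "NEW-ESCROW-LTD", "iban": "GB00-SAMPLE-0099",
              "amount": 180000.0, "ts": "2025-06-06T18:45:00"}
    print(assess_transfer(urgent))
```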
What should a CISO’s 30-60-90-day plan include?
| Timeline | Actions |
| --- | --- |
| 0–30 days | Identify all workflows that rely on voice authorization. Establish a mandatory callback policy for transfers exceeding €50K. Brief finance and treasury leadership teams. Review verification procedures for risks associated with AI voice cloning. |
| 30–60 days | Deploy vishing simulations for finance teams, treasury personnel, and executive assistants. Measure baseline susceptibility levels. Test multi-channel attack scenarios involving email followed by phone calls. |
| 60–90 days | Conduct a tabletop exercise simulating a successful deepfake CFO call. Update the incident response runbook to include synthetic media attack scenarios. Present metrics to the board. Evaluate gaps in regulatory compliance. |