CATFISHING GETS A LOUD UPGRADE!
You get a phone call. It sounds exactly like your daughter, your grandson, your boss, or your CEO. They’re upset, they need help, they need money, and they need it NOW! You – being the wonderful friend, family member, or employee – jump into action to help solve the probem.
That is exactly why AI voice phishing is working – it’s takes advantage of trust in high-emotion situations.
Voice phishing, or Vishing, has become one of the fastest-growing social-engineering threats. CrowdStrike reported that vishing activity jumped 442% between the first and second half of 2024, driven by AI-powered impersonation and social engineering. Cisco Talos saw the same pattern from the trenches: in Q1 2025, phishing was the initial access method in half of all incident-response engagements, and vishing accounted for more than 60% of phishing engagements Talos handled.
This is not a “someday” threat. It is already affecting regular people, businesses, and even government officials. In May 2025, the FBI warned that attackers were sending AI-generated voice messages and texts while impersonating senior U.S. officials in order to build trust and gain access to accounts and contacts – check that story out HERE.
What is AI Voice Phishing?
At its simplest, AI voice phishing is a scam where criminals use voice-cloning tools to sound like someone you already trust. The FTC says scammers can use a short audio clip, potentially pulled from social media or other online content, to create a cloned voice. Then they combine that fake voice with urgency, secrecy, and emotional pressure to push the victim into acting fast.
That action might be:
- Sending money
- Approving a wire transfer
- Sharing an MFA code
- Resetting an account
- Clicking a malicious link to “continue the conversation”
Why Vishing is Becoming a Scam-Favorite?
There are three reasons this issue is accelerating.
First, due to the initial success of Vishing, attacks are scaling at an impressive rate. Pindrop’s 2025 Voice Intelligence & Security Report says deepfake fraud attempts rose by more than 1,300% in 2024, and its analysis of 1.2 billion customer calls found sharp increases in synthetic voice attacks across financial services, insurance, and retail. Pindrop also estimated that fraud attempts in U.S. contact centers were occurring every 46 seconds.
Second, this scam is more frequently being turned towards ordinary folks here in the States. Hiya’s 2025 report found that 31% of U.S. consumers said they had encountered a deepfake fraud call in the past year. More than 30% of people targeted said they became victims, and AI deepfake calls were associated with a larger share of losses above $6,000 than traditional phone scams.
Third, the tools are becoming easier to misuse. In March 2025, Consumer Reports said its assessment of six AI voice-cloning products found that several lacked strong safeguards against fraud and abuse.
How it affects regular people
The family-emergency version of this scam is brutally effective because it goes straight for the thing that will make most folks panic immediately – their loved ones.
The FTC says these scams usually follow a familiar script: a loved one calls you, supposedly in trouble, then you are told the situation is urgent, and the caller insists you can resolve it by paying through hard-to-reverse methods, such as wire transfers, crypto, payment apps, or gift cards. The scammers may also bring in a fake “authority figure” such as a lawyer, police officer, or doctor to make the story feel more real.
A real example came out of Florida in 2025. Florida resident Sharon B received a call that sounded exactly like her daughter crying after a car crash. A man claiming to be a lawyer then told her she needed $15,000 in cash for bail. She paid it. Only later did the family reach her real daughter and realize it was a scam. Reports said the family believed the criminals used social-media video to clone the daughter’s voice.
This is unfortunately not a unique story. Another woman, identified as Dee Dee in a 2025 TV interview with local news, said she heard what sounded exactly like her grandson after a supposed car accident. She withdrew $9,500 and was about to turn it over when her daughter called and stopped her just in time. Her description of the call gets to the root of why this scam works so effectively: the diction, pacing, and emotion all felt real.
That is the key shift here. People have been trained to watch for suspicious email grammar and weird text messages. But voice carries familiarity, urgency, and emotional credibility in a way that text often does not.
Let’s Vish to Business
For businesses, AI voice phishing is not just a help-desk nuisance. It is now tied to financial fraud, account takeover, and executive impersonation.
CrowdStrike says AI-driven phishing and impersonation helped fuel the building vishing barrage against businesses. Cisco Talos found that phishing, including vishing, had become a major initial-access route in the incidents it responded to.
If attacks on private citizens can get pricey, the cost of Vishing in business cases have the potential to be astronomical.
The best-known example is Arup. The World Economic Forum reported that an employee at the engineering firm transferred $25 million after a video call with what they thought to be senior management. The people on the call were actually highly-detailed deepfakes. Arup’s CIO later described the event as a mix of psychological manipulation and advanced deepfake technology, not a simple “hack.”
In another 2025 case, Singapore police said a finance director at a multinational company was approached by someone posing as the CFO, then joined a Zoom meeting with what appeared to be the CEO and others. He was told the matter was confidential and was ultimately instructed to transfer roughly $500,000 to what turned out to be a mule account. Authorities were able to later trace and withhold the funds, saving the day for that company – but not all are so lucky.
These cases matter because they show that the scam is not just “grandparent fraud.” It is also:
- Fake executive approvals
- Fake vendor urgency
- Fake support calls
- Fake identity verification over the phone
Red Flag Watch
Whether the target is a family member or a finance team, the patterns are strikingly similar.
The FTC says the common themes are urgency, secrecy, emotional pressure, and demands for payment in hard-to-recover forms.
Stay wary of phrasing like:
- “Don’t tell anyone.”
- “This needs to happen right now.”
- “Send cash, wire, crypto, or gift cards.”
- “Click this link so we can keep talking.”
- “You’re the only person who can help.”
- “This is confidential.”
A convincing voice does not cancel out those red flags.
How to protect yourself at home
The FTC’s core advice is simple and still the best starting point: don’t trust the voice alone. Hang up and call the person back using a number you already know is real. If you cannot reach them, contact another family member or friend who can verify the story. If an alternate number isn’t an option, you can also ask a question only the real person would know – but still err on the side of caution & try to contact them elsewhere to confirm!
Practical habits that help:
- Set a family safe word for emergencies
- Limit public audio and video where possible
- Be extra skeptical when money is requested immediately
How businesses should respond
Businesses need process controls, not just awareness.
At minimum:
- Require separate authentications for wire transfers, vendor banking changes, and urgent approvals
- Do not let voice alone authorize financial transactions or account resets
- Train executives, finance teams, HR, and help desk staff on voice-based impersonation
- Make sure staff know that “sounds like the boss” is not a control
This is where it’s crucial to ensure you have a system or team ready to back you up. At Fisher’s, our Managed IT and Security Services are built to excel in protecting systems, securing data, compliance, backup, support, and business communications. The Fisher’s Tech Team can also help businesses with business phone solutions and communication workflows, meaning if Vishing is something you’re concerned about, we can help!
Final Takeaway
AI voice phishing works because it bypasses the mental filters people use for “regular” scams. Instead of a weird email from a stranger, the scam now sounds exactly like someone you know – and sometimes sounds like someone you answer to, making the pressure to act skyrocket!
The data says the threat is rising quickly. The stories show how emotionally convincing it can be. Your best defense isn’t trusting yourself to spot the scam, it’s building habits and approval processes that work securely, so even when the voice sounds real, you know what to do.
AI can fake a voice – but it should never bypass your process!