What Is Happening?
In 2025, voice-based scams have reached a new level of sophistication. Cybercriminals are combining traditional “vishing” (voice phishing) with AI-generated deepfake voices, making it nearly impossible to tell the difference between a real person and an impersonator.
From impersonating bank employees to mimicking a relative’s voice asking for urgent help, the goal is always the same: get you to act quickly and emotionally.
What Is Vishing?
“Vishing” stands for voice phishing — a social engineering attack conducted over the phone. Scammers call victims pretending to be:
- Bank or government officials
- Tech support from Microsoft/Apple
- A loved one in urgent need
In 2025, it’s no longer just scripted calls.
Attackers use AI tools to clone real voices, often extracted from social media or voicemail greetings. One recent campaign in Australia used deepfake voices of airline staff to trick customers after a known data breach (source).
Real Incidents in 2025
- Qantas Scam (Australia): Following a cyberattack on Qantas, scammers used stolen customer info and AI voice calls pretending to be support staff.
- Corporate Attacks (USA): Hacker group Scattered Spider targeted aviation and telecom firms by calling helpdesks with deepfake CEO voices to request password resets.
- Family Deepfake Fraud: Police in multiple countries reported scams where parents were called by what sounded like their children begging for emergency funds.
Deepfake Technology + SIM Swap = Perfect Storm
Many of these attacks are now paired with SIM-swapping:
- Criminals social-engineer mobile carriers to transfer your number to a SIM they control
- They intercept 2FA codes, verify logins, and drain accounts
SIM Swapping: How It Works
In a SIM swap attack, criminals trick your mobile carrier into transferring your phone number to a SIM card they control. They impersonate you—often using stolen personal information—and claim they’ve lost their phone or need a replacement SIM. Once the carrier completes the transfer, the attackers receive all your calls and SMS messages, including two-factor authentication (2FA) codes. This gives them access to your online accounts, banking apps, and more—without ever needing your passwords.
Combined with voice deepfakes, it’s a powerful combo: they sound real and have access to your phone.
How to Protect Yourself in 2025
Here are practical tips for staying safe:
1. Be Skeptical of Urgent Voice Calls
If someone calls asking for money, passwords, or codes — even if they sound familiar — hang up and verify independently.
2. Don’t Share Codes Over the Phone
Banks and real companies never ask for one-time codes, passwords, or credit card info via phone.
3. Lock Down Your SIM
- Set up a PIN or password with your mobile carrier
- Enable alerts for SIM changes or new device logins
4. Reduce Public Voice Exposure
Avoid posting voicemails, long videos, or public voice messages that can be used to clone your voice.
5. Use Stronger 2FA Options
- Use app-based authenticators (e.g., Google Authenticator, Authy)
- Better yet: move to passkeys or hardware tokens
Final Thoughts
AI has made social engineering more dangerous than ever. With voice deepfakes and SIM-swapping on the rise, your best defense is caution and verification.
“Think before you trust the voice on the other end.”
Stay ahead of the scams. Share this article with family members who may be vulnerable, especially seniors and teens.
A secure password manager helps you store complex, unique passwords for every account—and alerts you if any of them are leaked in a data breach. This makes vishing follow-up attacks much harder to pull off.
Need real-time scam alerts? Sign up for GlobShield’s free monthly newsletter — practical cybersecurity tips for real people.
