The rise of ‘vishing’
In 2025 we saw cyber threats evolve to become more efficient and effective than ever before. Two attacks in particular grabbed UK headlines. The first was the Jaguar Land Rover attack, which was reportedly the most expensive in history and disrupted production at a key time of year for new car sales. The second was an attack that hit several high-profile retailers, including Marks and Spencer, the Co-operative Group and Harrods, amongst others; the resulting outages disrupted retail operations for months.
The rise of impersonation-based attacks
Organisations need to stay vigilant as hackers and cyber criminals up their game. Impersonation-based attacks are particularly unnerving. They range from an AI-powered deepfake that fools people on a conference call into taking unsafe actions (usually transferring large amounts of cash) to the less talked-about ‘vishing’ scams. Vishing is voice-based phishing, in which criminals pretend to be from real, trusted organisations in order to trick the victim out of information, into taking a risky action such as a password reset, or into making a fraudulent transaction.
While vishing attacks tend to focus on individuals (the vulnerable are routinely targeted), they have also been used to great effect in a corporate setting – in a similar way to the CEO scams that we wrote about previously. Indeed, a growing number of companies have been subjected to convincing impersonation-based attacks attempting fraud, with attacks on FTSE 100 companies becoming the norm.
AI has been used to generate deepfake clones of CEOs that then instruct employees to transfer money for a deal that requires speed and secrecy – a takeover for example. The attacks, which typically use a mix of unmonitored and insecure instant messaging (e.g. WhatsApp) and voice calls using the cloned voice, are now so prevalent they have been dubbed the ‘CEO scam’.
The situation has become so worrisome that the Australian Signals Directorate (the equivalent of the UK’s National Cyber Security Centre, NCSC) published a warning about such social engineering techniques aimed at business people and employees whose role could make them a target. Such roles could include:
Typically the malicious actors will spoof caller IDs to make calls appear to come from trusted sources, and use AI voice cloning to mimic real people, like known executives or work colleagues. They will also manufacture a sense of urgency to pressurise the recipient into quick decisions.
Organisations should ensure they have security procedures in place to verify the identity of any contact, particularly when sharing or discussing sensitive information. This is where a secure communications platform, such as Armour, can help to protect the organisation.
Identity-based encryption will help to mitigate the risk
Secure communication solutions that use identity-based encryption, such as the NCSC’s MIKEY-SAKKE protocol, help organisations to verify that only approved participants can join a group call or chat group, meaning that everyone on a video conference call (for example) has been authenticated. This type of security feature, the bedrock of Armour’s product range, is NOT provided by mass-adoption communication platforms, where very often all that is needed to set up an account is a mobile phone number or email address, and those are very easily spoofed, hacked or compromised (e.g. by SIM-swapping).
For protecting the most sensitive of conversations, such as state secrets, military movements, or government negotiations, there are highly secure, on-premises communications solutions that can be used. By running an on-premises solution, organisations significantly reduce the potential attack vectors, delivering genuine data sovereignty, as well as keeping total control of every aspect of their sensitive communications. Furthermore, Armour can now offer a quantum-safe VPN through partner Arqit, to protect sensitive information even against powerful quantum computers.
Organisations of every shape and size in both public and commercial sectors need to start taking the cyber security of their communications seriously. This means banning the use of unsanctioned shadow IT for business purposes. When a built-for-purpose, Secure by Design secure comms platform can provide a slick user experience to rival any consumer app, plus the ability to manage and control organisational data with auditable operational record keeping, why would you use anything else?
Contact us today to see how Armour’s Secure Communications Platform could protect your organisation from vishing, phishing, social engineering and deepfake, AI-powered impersonation-based attacks.