Attack Vectors

What and how generative AI techniques are used to deceive, impersonate and defraud.
Back to Attack Vectors

Deepfake vishing

Audio
Corporate Fraud
Consumer Fraud

Vishing, short for voice phishing, uses phone or VoIP calls to manipulate the target into revealing information or taking action. AI extends traditional vishing by giving attackers cloned voices, real-time conversion, and conversational agents that handle scale.

Use cases: Telco · Live agent assist · Finance

How it works

  • Attackers use cloned, synthetic, or converted voices to impersonate trusted contacts
  • Conversational AI handles objections and adapts to victim responses without human input
  • Multi-step attack chains move targets across channels: initial vishing call, follow-up SMS, then a callback to a spoofed number

Where it shows up

  • Bank impersonation calls extracting credentials and one-time passcodes
  • IT helpdesk scams resetting MFA on behalf of the "employee"
  • Tax or government agency calls demanding immediate payment under threat
  • Recovery scams targeting victims of prior fraud, posing as law enforcement
  • Investment scams using cloned analyst or celebrity voices