Vishing Is on the Rise
The phone call used to be one of the most trusted forms of communication. But today, it’s become one of the most dangerous.
Ontinue’s Advanced Threat Operations (ATO) team has observed a sharp spike in vishing attacks over the past six months. Unlike traditional phishing emails, vishing—short for voice phishing—relies on a phone call to trick users into giving up access to their devices or sensitive information. Since it doesn’t rely on email, it can completely sidestep spam filters and endpoint detection.
The results? In many cases, full remote access to enterprise systems and the deployment of malware and ransomware, often Black Basta.
Why Vishing Works
What makes vishing so effective is that it targets a well-known blind spot in most organizations’ defenses: voice communication.
Security tools can scan attachments, links, or suspicious domains in emails, but most companies don’t have the same telemetry for mobile calls made to employee devices. If a user receives a convincing phone call from someone pretending to be from IT or Microsoft support, there’s often no way to spot or stop the deception in real time.
Additionally, the attackers are getting smarter. They don’t just call and hope for the best. They’re creating elaborate pretexts to increase their odds of success.
Two Vishing Setups We’re Seeing More Often
Ontinue analysts have recently observed two common techniques threat actors use to set the stage for a vishing attack:
1. Email Bombing
Threat actors flood a victim’s inbox with a barrage of junk emails, effectively rendering it unusable. Then, they call the user posing as help desk personnel, offering to “fix” the issue. Frustrated and overwhelmed, the user is more likely to comply and grant access, often through remote desktop tools like Microsoft Quick Assist or ScreenConnect. Once connected, the attacker deploys their malware.
2. Malvertising
Users browsing the web may unknowingly click on a malicious ad that redirects them to a fake warning page claiming their system is infected. These fake alerts urge them to call a Microsoft support number—where a threat actor is waiting. The caller then instructs the user to install remote desktop software, gaining access to the machine under the guise of resolving an issue.
Both methods rely on social engineering, exploiting human trust and urgency instead of technical vulnerabilities.
The AI Angle: Deepfakes and Voice Cloning
Adding to the concern is the growing use of AI-generated voice cloning in vishing campaigns.
Cybercriminals can now create highly realistic audio deepfakes, impersonating trusted individuals such as a company’s CFO or IT admin. These calls can convince users to transfer funds, hand over credentials, or enable remote access—all without triggering suspicion.
APT groups like Storm-1811, as reported by Microsoft, have been particularly active in this space throughout 2024. Their campaigns often end in ransomware deployments, with Black Basta being a recurring endgame.
A Threat That’s Not Slowing Down
In the last quarter alone, Ontinue’s ATO team has seen a 1,633% increase in vishing-related incidents. Many of these incidents originate from users landing on fake support pages hosted on domains ending in “.shop”, a common pattern we’re monitoring closely.
With voice phishing becoming easier to scale and harder to detect, we expect this threat vector to continue growing in sophistication and volume throughout 2025.
What You Can Do
To protect against vishing attacks, organizations must look beyond traditional email security tools. Key recommendations include:
- User training focused specifically on vishing and voice-based social engineering
- Monitoring and alerting for installs of remote access tools on endpoints
- Clear escalation paths for users to verify unexpected IT support calls
- Threat intelligence to stay ahead of attacker trends and infrastructure
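One way to implement the remote access tool monitoring recommended above, tied to the email bombing setup described earlier: flag a remote-assistance tool launch that follows an inbound mail burst for the same user. This is an added example, not Ontinue's detection logic; the thresholds, event shapes, process-name matches and sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed name fragments for the tools the article names (Quick Assist, ScreenConnect).
REMOTE_TOOLS = ("quickassist.exe", "screenconnect")
BURST_COUNT = 50                        # assumed: inbound mails that make a burst
BURST_WINDOW = timedelta(minutes=10)    # assumed: sliding window for the burst
FOLLOW_WINDOW = timedelta(hours=2)      # assumed: how long after a burst to watch

def find_bursts(mail_events):
    """Return {user: time the burst threshold was first crossed}."""
    bursts, recent = {}, {}
    for ts, user in sorted(mail_events):
        window = recent.setdefault(user, [])
        window.append(ts)
        while ts - window[0] > BURST_WINDOW:   # drop mails older than the window
            window.pop(0)
        if len(window) >= BURST_COUNT and user not in bursts:
            bursts[user] = ts
    return bursts

def correlate(mail_events, process_events):
    """Flag remote-tool launches within FOLLOW_WINDOW after a mail burst."""
    bursts = find_bursts(mail_events)
    alerts = []
    for ts, user, image in sorted(process_events):
        start = bursts.get(user)
        if start is None or not any(t in image.lower() for t in REMOTE_TOOLS):
            continue
        if timedelta(0) <= ts - start <= FOLLOW_WINDOW:
            alerts.append((user, image, ts - start))
    return alerts

# Constructed sample data (not from the article): (time, user[, process image]).
T0 = datetime(2025, 1, 15, 9, 0)
MAIL = [(T0 + timedelta(seconds=5 * i), "alice") for i in range(120)]   # bombed
MAIL += [(T0 + timedelta(minutes=20 * i), "bob") for i in range(6)]     # normal
PROCS = [
    (T0 + timedelta(minutes=35), "alice", r"C:\Windows\System32\QuickAssist.exe"),
    (T0 + timedelta(minutes=40), "bob", r"C:\Windows\System32\QuickAssist.exe"),
    (T0 + timedelta(hours=6), "alice", r"C:\Tools\ScreenConnect.Client.exe"),
]

if __name__ == "__main__":
    for user, image, delay in correlate(MAIL, PROCS):
        print(f"ALERT {user}: {image} launched {delay} after mail burst")
```

On the sample data only alice's Quick Assist launch is flagged: bob has no mail burst, and alice's later ScreenConnect launch falls outside the follow-up window.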
Want to dive deeper into vishing and other emerging threats?
Check out Ontinue’s 2H 2024 Threat Intelligence Report to see what our Advanced Threat Operations team is tracking, what’s on the rise, and how to prepare.