Skip to main content
TopAIThreats home TOP AI THREATS
Technical Attack

Vishing

Voice phishing -- a social engineering attack via telephone, increasingly using AI voice cloning to impersonate trusted individuals.

Security & Cyber Information Integrity

Definition

Vishing (voice phishing) is a social engineering attack conducted via telephone calls, in which an attacker impersonates a trusted entity — such as a bank, government agency, colleague, or family member — to manipulate the victim into revealing sensitive information, authorising transactions, or taking other harmful actions. AI voice cloning has transformed vishing by enabling attackers to replicate the voice of a specific known individual from minimal audio samples, making calls far more convincing. Real-time voice conversion technology allows attackers to maintain impersonation throughout live conversations.

How It Relates to AI Threats

Vishing is a core attack vector within Security & Cyber, where AI-enhanced voice impersonation enables fraud, credential theft, and unauthorised financial transactions. It intersects with Information Integrity through deepfake identity hijacking, where cloned voices of public figures or executives are used to issue false instructions or spread disinformation. The combination of voice cloning with caller ID spoofing creates a particularly effective attack, as victims have limited means of verifying the caller’s identity beyond the voice itself.

Why It Occurs

  • AI voice cloning tools can produce convincing replicas from only seconds of sample audio
  • Real-time voice conversion enables live impersonation during telephone calls
  • Caller ID spoofing allows attackers to display trusted phone numbers
  • Telephone communication carries inherent social trust that attackers exploit
  • Many organisations and individuals lack verification protocols for voice-based requests

Real-World Context

AI-enhanced vishing has been documented in the FBI’s deepfake impersonation advisory (INC-23-0001), which warned of attackers using cloned voices to impersonate U.S. government officials. The Newfoundland grandparent scam (INC-23-0004) demonstrated how voice cloning was used to impersonate a family member in distress, extracting money from elderly victims. The UK energy CEO fraud (INC-19-0001) involved a cloned voice used to authorise a fraudulent wire transfer of EUR 220,000. These cases illustrate that vishing has evolved from generic social engineering into a targeted, AI-enabled impersonation technique.

Related Incidents

INC-23-0001 high 2023-01

AI Deepfake Impersonation Campaign Targeting Senior U.S. Government Officials

INC-24-0004 critical 2024-01

FBI Elder Fraud Report Documents AI-Enhanced Financial Scams Against Seniors

Related Threat Patterns

Deepfake Identity Hijacking Information Integrity

Related Terms

Phishing Smishing Voice Cloning Deepfake
← Back to Glossary → Taxonomy → All Domains

Last updated: 2026-02-14