It’s no longer enough to defend against AI-powered email phishing campaigns. Spurred by hardened defenses for endpoints and email, cybercriminals have pivoted from traditional phishing campaigns to double down on the one channel with limited defense—the telephone.

To be sure, voice phishing isn’t new. Fraudsters have been impersonating help desk staff, government regulators and executives for years. Attackers leaned on urgency, authority and emotional duress to manipulate victims. Their tactics, however, lacked finesse. With proper training, employees learned to spot telltale signs like off-key speech or conflicting information. In many cases, employee vigilance was enough to stop the attack—but not anymore.

What’s new is the deepfake technology twist...