You’ve spent years hardening email with spam filters, link scanning, and attachment sandboxing, even adding banners that warn people when a message comes from outside the company. The phone system likely never got any of that attention. There was never much reason to treat it the way you did email, so it sat there as the one channel you never instrumented. Now it’s time to reconsider that default approach.
Voice phishing, or vishing, has sharply climbed over the past two years, and it’s no longer a problem mainly aimed at consumers. CrowdStrike’s 2025 Global Threat Report clocked a 442% jump in vishingOpens a new window between the first and second halves of 2024, and Cisco Talos found that voice phishing made up more than 60% of the phishing-related incidentsOpens a new window it responded to in early 2025.
The targets are help desks, finance staff, and the people who can reset a password or release a wire transfer at a company the size of yours. The same playbook scales to the giants. The 2023 MGM Resorts breach beganOpens a new window with a call to the help desk and reportedly cost the company more than $100 million...
