Why Vishing Is a BIG Cyber Threat in 2025: A Continuous Cyber Threat for Organizations of Any Size

In 2025, vishing attacks—the art of tricking individuals into sharing sensitive information through voice communication—continue to rise, affecting organizations globally. According to the 2024 FBI Internet Crime Report, vishing accounted for 36% of all social engineering attacks, costing businesses over $2 billion in losses. One infamous example involved a UK-based financial institution losing millions due to an executive divulging credentials during a convincing phone scam.

These alarming vishing statistics and figures underscore why vishing is a threat organizations cannot afford to overlook. In this blog, we’ll explore why vishing is growing, how it’s impacting businesses, and strategies to defend against this evolving cyber menace.

What Is Vishing?

Vishing, or "voice phishing," is a social engineering technique where attackers use phone calls or voice messages to manipulate individuals into revealing sensitive information. With increasing reliance on voice communication platforms, businesses face growing exposure to vishing threats. Learn more about vishing and its technique on our blog: An Introduction to Voice Phishing.

Why the Risk of Vishing Is Growing

With simple tricks and convincing stories, vishing is turning into a bigger problem that businesses and individuals need to watch out for. Understanding the growing threat of vishing is significant to protecting sensitive information and safeguarding against these sophisticated attacks.

AI's Role in Voice Phishing

According to Keepnet’s 2024 Voice Phishing (Vishing) Response Report, 95% of cyber incidents stem from human behavior, and vishing incidents have surged by 30% annually. Advances in AI-powered deepfake technology compound this problem, with 70% more AI-based attacks in 2024 alone. By 2025, 80% of vishing threats may involve AI-generated impersonations (source: Keepnet 2024 Voice Phishing Response Report).

Attackers exploit trusted platforms like Microsoft Teams by:

• Mimicking trusted colleagues creates a false sense of legitimacy.
• Sending fraudulent meeting invites, leveraging urgency to prompt action.
• Embedding malicious links disguised as legitimate files often bypassing standard security measures.

These risks underscore the critical need for proactive measures and employee training to mitigate the growing threat of vishing.

The Vulnerability of Microsoft Teams

Cybercriminals now target teams vishing attacks, posing as colleagues or IT support to exploit trust and gain sensitive information. With its widespread use for internal communication, Microsoft Teams has become an attractive target, making it critical to understand how vishing tactics can exploit its vulnerabilities.

How Vishing Attacks Target Microsoft Teams

• Impersonation of Trusted Contacts: Attackers exploit the trust employees place in familiar profiles. They pose as coworkers or trusted individuals by creating fake accounts or hijacking legitimate ones.
• Sending Fraudulent Meeting Invitations: Attackers schedule fake meetings or send urgent invites that blend seamlessly into an employee’s calendar, often containing malicious links.
• Embedding Malicious Links or Files: Messages may include links to phishing sites or malware-laden documents disguised as legitimate files.
• Leveraging Urgency or Fear: Social engineering tactics like claiming account breaches or urgent updates compel employees to act without verifying authenticity.
• Exploiting Platform Limitations: Malicious actors can infiltrate communication channels without stringent verification protocols, posing significant risks.

While Microsoft Teams supports over 280 million monthly users, these tactics emphasize the importance of awareness, training, and robust security measures to counter vishing attacks effectively.

These risks emphasize the need for robust security awareness training and proactive measures to mitigate vishing vulnerabilities on Microsoft Teams.

DarkGate Malware: A Case Study

The DarkGate malware exemplifies the evolution of vishing as a sophisticated threat to modern businesses. Trend Micro reports highlight:

• $1.5 million average recovery costs per attack, covering remediation, data loss, and legal expenses.
• Seven days of operational downtime, impacting productivity and customer trust.

How DarkGate Targets Microsoft Teams

• Sophisticated Social Engineering: DarkGate uses advanced social engineering tactics, leveraging employees' trust in known platforms and individuals. Attackers exploit this trust to manipulate users into compromising sensitive systems.
• Employee Trust Exploitation: By impersonating trusted contacts or embedding seemingly legitimate links into messages, attackers capitalize on the assumption that communication within Microsoft Teams is secure.
• Bypassing Traditional Defenses: Unlike traditional phishing attacks often filtered by email security solutions, voice and message-based threats within Microsoft Teams bypass standard cybersecurity defenses, reaching users directly.
• Impact on Businesses: Financial and operational repercussions are severe, including $1.5 million average recovery costs, encompassing remediation, data loss, legal expenses, and seven days of downtime, significantly disrupting operations and eroding customer trust.
• Critical Need for Mitigation: These attacks highlight the importance of implementing targeted vishing training, enhancing security protocols, and deploying real-time monitoring tools to effectively detect and mitigate such threats.

Protecting Your Organization

As vishing attacks become more sophisticated, protecting your organization requires a proactive, multi-layered approach. Combining employee education, advanced tools, and robust security protocols can significantly reduce the risk of falling victim to voice phishing.

Strategies to Counter Vishing

1. Implement Security Awareness Training: Equip employees to detect voice phishing, especially in collaboration platforms.
2. Leverage AI-Powered Tools: Deploy solutions that monitor and flag AI-driven impersonation attempts.
3. Simulate Vishing Scenarios: Regularly test employee readiness through realistic simulations.
4. Strengthen Protocols: Introduce verification layers for sensitive requests.
5. Optimize Platform Security: Enable advanced features in Microsoft Teams to restrict unauthorized access.

How Keepnet Helps Mitigate Vishing Risks

With vishing attacks becoming more targeted and deceptive, organizations need to fortify their defenses. Keepnet offers specialized tools and strategies that empower employees to recognize and respond to voice phishing attempts, reducing the risk of security breaches.

Proven Success Stories

Organizations partnering with Keepnet have significantly improved their defenses against vishing threats. Here are two success stories that showcase measurable outcomes:

European Bank

This European bank faced significant vishing threats as a leading financial institution with operations across multiple countries. Keepnet partnered with a European bank of 40,000+ employees across four countries. Outcomes:

• Increased fake call detection by 30% within six months.
• Reduced incident response costs by 38%, saving $171,600 annually.
• Cut incident response times from 18 to 7 hours.

Read more about this success story about a European Bank and how they stopped voice phishing attacks with Keepnet.

Teknosa Retailer

As a prominent technology retailer with a widespread presence, Teknosa faced escalating vishing threats that required immediate action. Teknosa, with 211 stores and 2,500 employees, achieved:

• 80% improvement in fake call recognition.
• Saved $30,000 annually on response costs.
• Prevented $439,250 in losses annually through Keepnet’s AI-powered Vishing Simulator.

Also, read more about Teknosa’s success story in mitigating voice phishing risks.

Advanced Tools from Keepnet Human Risk Management

• Vishing Simulator: Industry-leading simulator to enhance employee preparedness against voice threats. Read the blog below and learn more about how to start your vishing simulation campaign step by step.
• Behavioral Science-Based Training: Tailored programs adapting to individual employee vulnerabilities.
• Platform Integration: Seamless incorporation with Microsoft Teams to fortify communication security.

Conclusion: Stay Ahead of Vishing Threats

With platforms like Microsoft Teams dominating workplace communication, businesses must prioritize defenses against vishing threats. Leveraging tools like the Keepnet Vishing Simulator can empower employees to detect and thwart attacks effectively.