Phishing isn't limited to your inbox anymore.

ZDNet. Written by Lance Whitney March 4, 2025 at 6:25 a.m. 

Cybercriminals and hackers employ a variety of methods to access and steal sensitive information from individuals and organizations. One increasingly popular approach is vishing, or voice phishing. Here, the attacker tricks someone into sharing account credentials or other information through a simple phone call. According to the latest data from security firm CrowdStrike, these types of attacks have been skyrocketing.

In its 11th annual 2025 CrowdStrike Global Threat Report, the security provider revealed that vishing attacks jumped 442% in the second half of 2024 compared with the first half. Throughout the year, CrowdStrike Intelligence tracked at least six similar but distinct campaigns in which attackers pretending to be IT staffers called employees at different organizations.

In these particular campaigns, the scammers tried to convince their intended victims to set up remote support sessions, typically using the Microsoft Quick Assist tool built into Windows. In many of these, the attackers used Microsoft Teams to make the phone calls. At least four of the campaigns seen by CrowdStrike used spam bombing to send thousands of junk emails to the targeted users as a pretext for the alleged support call.

The type of vishing used in these attacks is often known as help desk social engineering. Here, the cybercriminal posing as a help desk or IT professional stresses the urgency of the call as a response to some made-up threat. In some cases, the attacker requests the person's password or other credentials. In other cases, such as the ones documented in the report, the scammer tries to gain remote access to the victim's computer.

Another tactic seen by CrowdStrike is callback phishing. Here, the criminal sends an email to an individual over some type of urgent but phony matter. This could be a claim for an overdue invoice, a notice that they've subscribed to some service, or an alert that their account has been compromised. The email contains a phone number for the recipient to call. But naturally, that number leads them directly to the scammer, who tries to con them into sharing their credit card details, account credentials, or other information.

Because these attacks are usually aimed at organizations, ransomware is another key component. By gaining access to network resources, user or customer accounts, and other sensitive data, the attackers can hold the stolen information for ransom.

In its report, CrowdStrike identified a few different cybercrime groups that use vishing and callback phishing in their attacks. One group known as Chatty Spider focuses mostly on the legal and insurance industries and has demanded ransoms as high as $8 million. Another group called Plump Spider targeted Brazil-based businesses throughout 2024 and uses vishing calls to direct employees to remote support sites and tools.

"Similar to other social engineering techniques, vishing is effective because it targets human weakness or error rather than a flaw in software or an operating system (OS)," CrowdStrike said in its report. "Malicious activity may not be detected until later in an intrusion, such as during malicious binary execution or hands-on-keyboard activity, which can delay an effective response. This gives the threat actor an advantage and puts the onus on users to recognize potentially malicious behavior."

Other security firms have seen a dramatic rise in vishing attacks. Last October, Zimperium's zLabs research team uncovered a malware known as FakeCall, notable for its advanced use of vishing. Here, the scammers use phone calls to try to trick potential victims into sharing sensitive information such as credit card numbers and banking credentials. FakeCall itself works by hijacking the call functions on Android phones to install the malware.

To protect yourself, your employees, and your organization from vishing attacks and similar threats, CrowdStrike offers the following tips:

• Video authentication and government ID are required for employees who call the help desk to request password resets.
• Train help desk employees to be cautious when answering phone calls requesting password or MFA (multi-factor authentication) resets. They should be especially wary if those calls come outside regular business hours or if a high number of such requests occur in a short period of time.
• Use more advanced authentication methods such as FIDO2 to guard against account compromise.
• Monitor for attempts in which more than one person tries to register the same device or phone number for MFA.
• Offer regular security training for employees. Teach them how to recognize phishing attempts and social engineering attacks.
• Regularly apply security patches and other fixes to resolve critical vulnerabilities.

A couple of security experts also shared their recommendations with ZDNET.

"Taking systems offline as soon as a threat is detected is a vital first step in containment, but it is inadequate on its own," said Patrick Tiquet, vice president of security and architecture at Keeper Security.

"To counteract secondary tactics, such as vishing, security teams should swiftly inform customers and partners about the breach through official channels, providing clear guidance on how to protect themselves against these threats," Tiquet added. "Training sessions for employees and stakeholders on recognizing these attempts and verifying any unsolicited communications before sharing sensitive information are crucial."

Individual users and consumers should also be cautious about unexpected phone calls that sound legitimate.

"When I talk to colleagues, friends, and family, I remind them that if a call is unexpected and asks for personal or financial information, it's time to question everything," said Akhil Mittal, senior manager at security provider Black Duck.

"I also stress the importance of slowing down, verifying who's calling, and never hesitating to hang up. Use the official number from a bank's website or statement to call back and confirm," Mittal added. "Finally, just because a caller knows your address or part of your account number doesn't make them legit; criminals often have that info beforehand. If the caller pressures you to act fast, it's a sign you should stop and verify."

 What is vishing? Voice phishing is surging - expert tips on how to spot it and stop it | ZDNET 

 by Emma Roth The Verge, Feb 12, 2025, 11:17 AM EST  

Scarlett Johansson is calling on the government to pass a law limiting the use of AI after a video featuring an AI deepfake of the actress circulated online. In a statement to People, Johansson said, “It is terrifying that the U.S. government is paralyzed when it comes to passing legislation that protects all of its citizens against the imminent dangers of A.I.”

The video in question shows Johansson, along with other Jewish celebrities including Jerry Seinfeld, Mila Kunis, Jack Black, Drake, Jake Gyllenhaal, Adam Sandler, and others, wearing a t-shirt that shows the name “Kanye” along with an image of a middle finger that has the Star of David in the center. Ye (formerly known as Kanye West) returned to X last week to post antisemitic comments. He also began selling shirts with a swastika on his website, which has since been taken down.

“I am a Jewish woman who has no tolerance for antisemitism or hate speech of any kind,” Johansson said, according to People. “But I also firmly believe that the potential for hate speech multiplied by A.I. is a far greater threat than any one person who takes accountability for it. We must call out the misuse of A.I., no matter its messaging, or we risk losing a hold on reality.”

Johansson said that she urges lawmakers “to make the passing of legislation limiting A.I. use a top priority,” adding that “it is a bipartisan issue that enormously affects the immediate future of humanity at large.” Johansson has been outspoken about AI since the technology started becoming more accessible. In 2023, she sued an AI app developer for using her name and likeness in an online ad. 

She later called out OpenAI for using a voice that sounded a lot like hers in ChatGPT, leading OpenAI to stop using the voice.

Last year, lawmakers introduced a bill to combat sexually explicit deepfakes, but there has been little movement on other forms of AI regulation. California governor Gavin Newsom vetoed a major AI safety bill in September 2024, while President Donald Trump reversed Joe Biden’s executive order to establish safety guidelines for AI. 

This week, the US and UK also declined to sign an international AI declaration that promotes the “ethical” use of the technology.

OpenAI has raised tens of billions of dollars to develop AI technologies that are changing the world.

But there's one glaring problem: it's still struggling to understand how its tech actually works.

During last week's International Telecommunication Union AI for Good Global Summit in Geneva, Switzerland, OpenAI CEO Sam Altman was stumped after being asked how his company's large language models (LLM) really function under the hood.

"We certainly have not solved interpretability," he said, as quoted by the Observer, essentially saying the company has yet to figure out how to trace back their AI models' often bizarre and inaccurate output and the decisions it made to come to those answers.

When pushed during the event by The Atlantic CEO Nicholas Thompson, who asked if that shouldn't be an "argument to not keep releasing new, more powerful models," Altman was seemingly baffled, countering with a half-hearted reassurance that the AIs are "generally considered safe and robust."

Altman's unsatisfying answer highlights a real problem in the emerging AI space. Researchers have long struggled to explain the freewheeling "thinking" that goes on behind the scenes, with AI chatbots almost magically and effortlessly reacting to any query that's being thrown at them (lies and gaslighting aside).

But try as they might, tracing back the output to the original material the AI was trained on has proved extremely difficult. OpenAI, despite the company's own name and origin story, has also kept the data it trains its AIs on extremely tightly to its chest.

A panel of 75 experts recently concluded in a landmark scientific report commissioned by the UK government that AI developers "understand little about how their systems operate" and that scientific knowledge is "very limited."

"Model explanation and interpretability techniques can improve researchers’ and developers’ understanding of how general-purpose AI systems operate, but this research is nascent," the report reads.

Other AI companies are trying to find new ways to "open the black box" by mapping the artificial neurons of their algorithms. For instance, OpenAI competitor Anthropic recently took a detailed look at the inner workings of one of its latest LLMs called Claude Sonnet as a first step.

"Anthropic has made a significant investment in interpretability research since the company's founding, because we believe that understanding models deeply will help us make them safer," reads a recent blog post.

"But the work has really just begun," the company admitted. "The features we found represent a small subset of all the concepts learned by the model during training, and finding a full set of features using our current techniques would be cost-prohibitive."

"Understanding the representations the model uses doesn't tell us how it uses them; even though we have the features, we still need to find the circuits they are involved in," Anthropic wrote. "And we need to show that the safety-relevant features we have begun to find can actually be used to improve safety."

AI interpretability is an especially pertinent topic, given the heated debate surrounding AI safety and the risks of having an artificial general intelligence go rogue, which to some experts represents an extinction-level danger for humanity.

Altman himself recently dissolved the company's entire so-called "Superalignment" team, which was dedicated to finding ways to "steer and control AI systems much smarter than us" — only to anoint himself as the leader of a replacement "safety and security committee."

Given the embattled CEO's latest comments, the company has a long way to go before it'd be able to reign in any superintelligent AI.

Of course, it's in Altman's best financial interest to keep reassuring investors that the company is dedicated to safety and security — despite having no clue how its core products actually work.

"It does seem to me that the more we can understand what’s happening in these models, the better," he said during last week's conference. "I think that can be part of this cohesive package to how we can make and verify safety claims."

Deepfakes are about to explode in number and sophistication, especially because new generative AI video, audio, and image tools make it easier than ever before to generate and manipulate content.

What’s interesting is that most VC’s don’t seem to be paying much attention to the deepfake detection and anti-AI security space. More than $2.7 billion has been invested in consumer generative AI content tools, but only $500 million in deepfake detection (Pitchbook). That’s surprising, given deepfakes can cost companies millions, and according to one study, fake news cost the global economy $78 billion in 2020. 

Are investors right?

Maybe deepfake detection tools simply can’t keep up, so we should just make creators and publishers embed provenance data and call it a day. That’s what C2PA, a joint effort among Adobe, Arm, Intel, Microsoft and Truepic, aims to do with its new technical standard.

To dig more into this, I looked into how startups and incumbents are fighting deepfakes (market map below):

There’s 3 major ways that players are addressing deepfakes:

Method #1: Detection tools use various techniques to determine whether an image or video has been manipulated or created by AI. Some of these companies, like BioID, Clarity, and Kroop, use AI models trained on real and fake images to spot the differences.

Others identify specific signs that images, videos, and audio have been manipulated. For example, Intel’s FakeCatcher analyzes patterns of blood flow to detect fake videos. DARPA’s Semantic Forensic project develops logic-based frameworks to find anomalies, like mismatched earrings. Startups working on this include Attestiv, DeepMedia, Duck Duck Goose, Illuminarty, Reality Defender, and Resemble AI.

ID verification tools are a subset of detection tools built to authenticate personal documents and user profiles. They often combine image analysis with liveness detection (i.e., when you’re asked to take a selfie or make a face). AuthenticID, Hyperverge, Idenfy, iProov, Jumio, and Sensity are some of the companies in this space.

Of course, detection-based approaches are inherently retroactive, so they have to constantly keep up with evolving generative AI models. But many of these tools have 80%+ accuracy rates, compared to only about 60% for humans.

Method #2: Certification tools, on the other hand, proactively embed provenance data into image and video files, with a record permanently stored on a blockchain. Truepic allows enterprises to add, verify, and view C2PA content credentials, including at the point of capture on smartphone cameras. Similarly, CertifiedTrue allows users to capture, store, and certify photos for legal proceedings. This information is then recorded on a blockchain, which makes it permanent, public, and unalterable.

The upside is that we’re beginning to establish a standard for content authenticity; the downside is that these programs are opt-in. Authenticating all or even most of the content that exists and will be generated will be a major challenge, though some camera makers, like Canon, are working on embedding authentication at the point of capture.

However, with the proliferation of deepfakes, the paradigm is shifting from “real until proven fake” to “fake until proven real”. Authentication at the hardware level will likely become the only way to prove humanity, since publisher- or social media-level authentication only proves where content first appeared, not whether a human made it.

Method #3: Lastly, narrative tracking platforms examine how fraud and disinformation spreads through the web, keeping corporations and governments informed of high-risk narratives. This is a bigger-picture approach to fighting deepfakes that tracks the spread of misinformation online and verifies content by examining it in context.

Players include startups like Blackbird.AI and Buster.AI, as well as public-private partnerships like the EU-funded project WeVerify. For example, large companies use Blackbird.AI’s Constellation Dashboard to track online narratives, which are given risk scores, so that they can mitigate misinformation.

There’s not a single tool or strategy that can completely protect against the impact of deepfakes, so individuals, enterprises, and governments will have to rely on a mix of solutions. There’s certainly room for entrants in the deepfake detection and anti-AI security space.

Here are some key opportunities for builders and investors:

1. Selling content moderation models to internet companies, like Hive does to social media platforms, dating apps, and online marketplaces, may be a white space for deepfake detection companies. These companies already have detection models that they’re packaging to sell to enterprise and federal security teams, and social media companies in particular face challenges with manipulated media. The default for content moderation today is outsourcing to low-paid human moderators.
2. More blockchain-based certification tools, especially those that allow consumers to authenticate their own content. Large media companies (like Fox and the C2PA consortium) and hardware companies are working on authentication standards. But there’s 27 million paid content creators in the US alone and 10 million creative freelancers worldwide that have an interest in protecting their images and work. There’s also private citizen use cases, like countering revenge porn. Currently, other than simple watermarking, there’s no simple solution for consumers to authenticate their own content and record it on the blockchain.
3. There’s an edtech angle. As AI generated data becomes more realistic, workforces, government employees, and private citizens need to supplement digital tools with education on how to spot fraudulent content. There’s great free educational content online, but I expect deepfake detection curriculum will need to be integrated into HR training and other educational tools.

There’s no magic formula for defending against deepfakes. But with deepfakes causing financial and reputational harm to people, organizations, and governments, deepfake detection is an area to watch.

 A high school athletic director was arrested after an AI-generated voice recording of his school's principal making racist comments went viral.

 Baltimore County Police arrested the former athletic director of Pikesville High School on Thursday, alleging he used an AI voice clone to impersonate the school’s principal, leading the public to believe Principal Eric Eiswert had made racist and antisemitic comments, according to The Baltimore Banner. 

Dazhon Darien was stopped at a Baltimore airport on Thursday morning attempting to board a flight to Houston with a gun, according to the Banner. Investigators determined Darien faked Eiswert’s voice using an AI cloning tool. The AI voice recording, which was circulated widely on social media, made disparaging comments about Black students and the Jewish community.

“Based on an extensive investigation, detectives now have conclusive evidence the recording was not authentic,” the Baltimore County Police said in a press release. “As part of their investigation, detectives requested a forensic analyst contracted with the FBI to analyze the recording. The results from that analysis indicated the recording contained traces of AI-generated content.”

This deepfake reportedly led to a public outrage causing Principal Eiswert to receive a wave of hateful messages and forcing his temporary removal from the school. The school’s front desk was flooded with calls from concerned parents. The Pikesville school district ultimately arranged for a police presence at the school and Eiswert’s house to restore a sense of safety.

Baltimore Police officials say the former athletic director made the AI recording to retaliate against the school’s principal. A month before the recording went viral, The Banner reports that Eiswert launched an investigation into Darien for potential theft of school funds. Darien authorized a $1,916 payment to the school’s JV basketball coach, who was also his roommate, bypassing proper procedures. Darien submitted his resignation earlier in April, according to school documents.

Police say Darien was the first of three teachers to receive the audio clip the night before it went viral. The Banner reports another teacher who received the recording sent it to students, media outlets, and the NAACP. Police wrote in charging documents that Darien used the school network to search for OpenAI tools and use large language models on multiple occasions. However, a lot of people use these AI tools these days. It’s unclear at this time how investigators were able to pinpoint Darien as the creator of this voice recording.

The creation of AI-generated audio deepfakes is an increasingly large problem facing the tech world. The Federal Communications Commission took steps in February to outlaw deepfake robocalls after a Joe Biden deepfake misled New Hampshire voters.

In this case, AI experts were able to identify the alleged audio of the Baltimore principal was a fake. However, this came two months after the audio went viral, and the damage may have already been done. AI deepfakes really need to be stopped early on to minimize harm, but that’s easier said than done.