""It's the interactive ones, the voice based ones, that are really creating a new challenge," he told The Register in an interview about the security shop's annual M-Trends report, based on data collected from Mandiant's more than 500,000 hours of incident response engagements conducted around the world last year."
""What we've seen in 2025 is certain threat actors calling IT help desks to, for example, register attacker-controlled devices for MFA to try and reset passwords," Kutscher said. "They're building a number of different scenarios to trick IT help desks, and an IT help desk, by default, tries to help. That's part of the reason why the social engineering attacks that are interactive are so powerful.""
Voice phishing surged in 2025, becoming the second most common method for cybercriminals to gain initial access to IT systems, particularly in cloud environments. Attackers used voice-based phishing in 11 percent of attacks, while exploiting vulnerabilities accounted for 32 percent. Non-interactive phishing methods declined to six percent. Threat actors increasingly targeted IT help desks, using social engineering tactics to manipulate staff into granting access or resetting passwords, highlighting the effectiveness of interactive scams.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]