9 minutes reading
Key Takeaways
- AI vishing attacks use cloned voices to convincingly impersonate executives, vendors, or internal teams.
- These attacks exploit trust and urgency, making employees more likely to bypass normal verification steps.
- Traditional phishing training alone cannot prepare users for real-time voice manipulation attacks.
- AI vishing simulations allow organizations to safely test employee response to realistic voice-based threats.
- Continuous simulations and targeted training help reduce human risk and strengthen social engineering defenses.
In February 2026, BlackFile initiated a bold AI vishing campaign targeting enterprises.
Not just random. Targeted, researched calls, and well-timed calls to retail, BFSI, hospitality, and e-commerce companies’ employees. Using callers who appeared to be representatives of the internal IT helpdesk. The match with internal directories was uncanny. The language was precise and confident.
Before most organizations could understand what had hit them, customer data was being offered on dark web leak sites, and ransom demands were being made. Some boardrooms were beginning to get phone calls from angry ‘customers’ and death threats to swat in.
This is what the most wide-ranging artificial intelligence (AI) phishing campaign has looked like. And BlackFile, also called UNC6671 and Cordial Spider, is executing one of the most productive assault campaigns we‘ve seen all year:
What Actually Happened
BlackFile did not infiltrate these organizations through a software exploit: zero-day, no mouse, no malware, no odd file attachments.
It was a phone call.
The group spoofs caller IDs and CNAMs so that the call appears to originate from inside the target group. The target employee picks up the phone and hears an authoritative, warm, and urgent-sounding voice: “We need to verify your credentials before suspending your access.” Can you log in here quickly?
Yes. The login page is only a fake portal. Passwords are sent directly to the attacker.
Then the attacker is ready to go. He initiates a legitimate login request using the pilfered credentials, then instructs the staff member to approve the push notification on their mobile device. Just a regular security procedure. One tap.
The attacker has the trusted machine running on a live account. They then float around Salesforce, SharePoint, internal HR systems, and customer databases – all via a valid SSO session. No alarms are raised. Nothing suspicious.
And the data is lost before anyone has a chance to look at it. Send FUD message.
Book a Free Demo Call with Our People Security Expert
How AI Vishing Works
Traditional vishing relied on human callers. Social engineers who knew how to think on their feet, knew how to react to resistance, and knew how to keep someone on the line. That required an army of people, which was tough to scale.
What if AI vishing changes everything?
All of this can be done by AI-enabled voice agents that can do 100s of these calls at once. They aren’t trained on a fixed script; they are much more reactive to the person’s response. They can change tone anytime and get more aggressive as the person begins to crack. Most people have no idea it‘s a robot.
Deepfake voice phishing is an even more extreme form. With the tiniest sample of the victim‘s voice, it can replicate the victim’s voice. It isn’t a voice on the end of the line from some faceless tech support person; it’s the employee talking to her team lead, the CEO, or the head of the IT department. That stolen familiarity will fool anyone.
And this is where AI vishing wins. It doesn‘t prey on a system. It preys on the cachet instantly granted to a recognized voice.
Why Organizations Are Especially Exposed Right Now
Retail, BFSI, hospitality, and e-commerce companies hold exactly what AI vishing attackers are hunting. Large volumes of customer PII. Payment records. Financial data. All of it sits behind enterprise systems that a single compromised login can open.
A successful AI vishing attack does not just produce a data breach. It triggers a compliance crisis, a customer trust problem, and an extortion situation all at once.
What is worse is that most employees haven‘t been put through this kind of testing. They‘ve seen fake phishing email attacks. They’ve never spoken with a real AI voice, from what seems to be an internal number, with the proper context and pressure.
In fact, this is exactly the untested space that these attacks exploit.
How Threatcop‘s AI Vishing Simulation Closes the Gap
You cannot experience an AI vishing so well that it doesn‘t terrify you when you do, because the main part of that gut feeling is first experiencing a realistic simulation before the real attacker gets in.
Threatcop has a TSAT platform that can conduct comprehensive simulations so that they feel the set they’re in from the very beginning of a process through to when an employee catches on or makes a mistake. There are four different steps.
Step 1: Template Creation
This is where the attack is made: the admin establishes the scenario the AI will act out, placing it in its role, selecting its tone, and dictating how the AI should respond to the employee‘s response or action. However, it‘s not a set script but a natural conversational flow.
The admin adds the attacker‘s name, contact details, and the brand the AI will attack. The simulation can then be previewed before going live.
Step 2: Campaign Creation
This is where the simulation is actually dispatched to the appropriate users. The admin selects which subset of employees will run the simulation and when it will run.
All teams are assigned a different scenario. A finance team member receives a call about suspicious activity on a business account. An IT support team member receives a call about a critical issue with system access. The scenario is customized according to the individual‘s position because that‘s how real AI vishing attacks are orchestrated.
Step 3: User Simulation and AI WhatsApp Engagement
This is the part the employee actually experiences.
It can begin with an email, ostensibly from a brand they recognize, such as a bank, a courier, or the software platform they use for work. The email will make you feel like you have to do something and will have a firm call to action. When the employee clicks it, they land in a WhatsApp conversation with what appears to be a support agent from that brand.
WhatsApp is chosen deliberately. It is familiar. People use it every day. That familiarity lowers the guard in a way that an unfamiliar web form never would.
From there, the AI takes over. It holds a natural conversation, listens to what the employee says, and gradually works toward asking for something sensitive. A verification detail. An account number. An employee ID. The request is never blunt. It builds slowly throughout the conversation, so by the time it arrives, it feels completely reasonable.
If the employee hands over that information, the simulation captures it, and training kicks in immediately.
Step 4: Response Monitoring and Analysis
Once the simulation runs, every action gets logged. Who opened the email? Who clicked the link? Who started the conversation? Who gave up sensitive information, and at what point in the exchange?.
The full transcript of every AI conversation is saved and can be reviewed. Security teams can read exactly what was said, where the employee hesitated, and what finally got them. That detail makes follow-up training far more useful than a generic debrief.
The overall campaign report shows the compromise rate across the whole group, giving security leaders a clear, data-backed picture of where the human risk actually sits.
What Organizations Should Do Right Now
Technical controls are necessary. Keep them running. But no firewall catches a phone call, and no SIEM flags an employee who willingly hands over their credentials to someone they believe is from IT.
Start with a baseline simulation. You need to know how your people actually behave under this kind of pressure before an attacker finds out for you.
Target the training where the data shows it is needed. Not blanket awareness emails to the whole company. Focused, repeated simulations for the teams and individuals who are most at risk.
Build a simple verification habit. Any call requesting a credential, MFA approval, or access to a sensitive system should always be followed up with a direct callback to a confirmed internal contact. That one habit alone stops most AI vishing attempts cold.
And make sure employees understand what deepfake voice phishing actually means in practice. A familiar-sounding voice is not proof that the call is legitimate. Urgency on a call is a pressure tactic, not a reason to move faster. The right response to any unexpected request for access or information is always to pause and verify through a separate channel.
BlackFile is still implementing this campaign. The attacks are ongoing. Those organizations that pass through without a breach will not have the best technology stack. They will be the ones whose employees had already gone through an AI phishing simulation and knew just what to do when the real call came.
FAQs
How do attackers use deepfake voices in AI vishing attacks?
Attackers clone a specific person's voice using a short audio sample pulled from a public video, voicemail, or recorded call. That cloned voice is then used in the attack so the target hears someone they already recognize and trust, which makes them far less likely to question the request.
Why are employees so vulnerable to AI vishing attacks?
Phishing email training does not prepare someone for a live phone call. There is no link to inspect, no time to think, and the social pressure is immediate. When the voice sounds familiar, and the request sounds urgent, most people comply without questioning it. They have simply never been put through a realistic AI vishing scenario before.
What information do AI vishing attackers typically try to steal?
Login credentials, MFA approvals, and account verification details are the most common targets. Once an attacker has valid credentials and a registered device, they can access enterprise systems through legitimate sessions and pull customer data, financial records, and internal documents without triggering any alerts.
How can organizations protect themselves against AI vishing attacks?
Two things matter most. First, run simulation-based training so employees experience a realistic AI vishing call before a real one arrives. Second, build a verification habit: any call requesting credentials or system access requires a callback to a confirmed internal number before any action is taken.
Purva is a Technical Content Strategist at Threatcop with an MBA in Business Analytics, specializing in SEO-driven content and technical editing across IT and digital domains, and is the author of the book From a Daughter’s Eye.