Voice Phishing is a Growing Social Engineering Threat

Mandiant found that voice phishing (vishing) overtook email as the leading initial intrusion vector in 2025; live, interactive calls allowed attackers to steer conversations and bypass automated controls, resulting in campaigns (attributed to clusters like UNC6040/UNC6240 and UNC3944) that harvested credentials and authorized attacker-controlled SaaS access, leading to Salesforce compromises and subsequent extortion demands.