The Phone Call is the New Phishing Email: How Voice-Based Attacks Are Taking Over Cybercrime

In 2025, the cyber threat landscape underwent a notable shift. No longer is the inbox the primary battlefield for attackers—now, the phone line has become the weapon of choice. Mandiant’s annual M-Trends report revealed that voice-based phishing, also called vishing, surged dramatically last year, signaling a move toward more sophisticated, human-targeted cyberattacks. These attacks rely on social engineering, where threat actors impersonate trusted personnel or IT staff to gain network access. The rise of this tactic shows that attackers are investing more time and skill into fewer, but more impactful, campaigns.

Voice Phishing Surges as Email Declines

Mandiant highlighted that voice-based phishing accounted for 11% of all incidents investigated in 2025, primarily linked to cybercrime groups like The Com and its offshoot Scattered Spider. While exploited vulnerabilities remain the most common method for initial access—32% of all attacks last year—vishing represents a significant, dangerous shift toward interactive, high-investment attacks. Unlike email phishing, which relies on mass distribution and minimal effort, voice phishing requires sophisticated impersonation skills and careful planning.

“This type of social engineering attack is extremely powerful,” said Jurgen Kutscher, Mandiant’s VP. “It requires skills, patience, and the ability to convincingly interact with IT personnel. The results can be devastating, especially in large-scale campaigns.”

High-Profile Campaigns Highlight the Threat

Multiple large-scale campaigns last year involved vishing. Notably, Salesforce customers were targeted by threat groups tracked by Google Threat Intelligence as UNC6040 and UNC6240. These campaigns exemplify the broader global trend: attackers are shifting toward interactive approaches that exploit human behavior, bypassing traditional technical defenses.

Email Phishing Declines

Email phishing, historically the go-to method for cybercriminals due to its low cost and mass reach, dropped sharply. Mandiant found it responsible for only 6% of intrusions in 2025—down from 14% in 2024 and 22% in 2022. Unlike email attacks, voice phishing is resource-intensive, making it viable only when attackers expect high-value returns.

“The higher the investment, the higher the payout needs to be,” Kutscher explained. “Interactive phishing demands time, skill, and planning. Attackers won’t pursue it unless they see significant gain.”

Exploited Vulnerabilities Remain Critical

Despite the rise of social engineering, technical vulnerabilities remain a top vector. In 2025, the most exploited weaknesses included CVE-2025-31324 (SAP NetWeaver), CVE-2025-61882 (Oracle E-Business Suite), and CVE-2025-53770 (Microsoft SharePoint). These flaws were leveraged en masse, including as zero-day attacks.

Industries Under Fire

Mandiant logged over 500,000 hours of global incident response in 2025, an increase from 450,000 in 2024. Technology companies were the most frequent targets (17% of incidents), followed by finance (14.6%), business services (13.3%), and healthcare (11.9%). The trend illustrates a targeted approach where attackers focus on sectors with high-value data and operational reliance on IT systems.

What Undercode Says:

The shift from email to voice-based phishing represents a pivotal moment in cybersecurity. Traditional defenses, such as spam filters and antivirus, are insufficient against vishing, which exploits human psychology rather than system weaknesses. Attackers now invest heavily in reconnaissance and personalized deception, emphasizing quality over quantity.

Large organizations, especially tech and finance, face unique risks. The blend of sophisticated social engineering and unpatched vulnerabilities creates a “perfect storm” scenario. Threat actors leverage both human and technical vectors to maximize intrusion success. Companies relying on automated email filters may feel a false sense of security, but the human element remains the primary vulnerability.

Another critical insight is the role of attacker specialization. Groups like Scattered Spider demonstrate that cybercriminals are evolving into niche experts who combine social manipulation with technical exploitation. Their ability to impersonate IT staff convincingly challenges even advanced security protocols, such as multi-factor authentication, highlighting the need for robust employee training and verification processes.

The decline of email phishing also underscores a strategic shift. Cybercriminals are moving toward fewer, more targeted attacks with higher potential returns. These attacks are less about volume and more about precision, making them harder to detect and stop. Companies must rethink incident response, focusing on live, human-centric threats alongside traditional vulnerability management.

From a global perspective, the increase in hours spent on incident response—500,000 in 2025—signals that security teams are under unprecedented pressure. Resources are being stretched to counter complex attack patterns that combine technical and social exploitation. The persistence of zero-day attacks on enterprise platforms like SAP, Oracle, and Microsoft SharePoint further complicates defense strategies, reinforcing the need for proactive patch management and real-time monitoring.

In short, the security landscape is evolving: attackers are blending psychology with technical skill, and organizations must respond in kind. Understanding the human factor is no longer optional—it’s central to modern cybersecurity.

Fact Checker Results:

✅ Voice phishing accounted for 11% of incidents in 2025, confirming Mandiant’s report.
✅ Email phishing dropped to 6% of intrusions, reflecting a sharp decline over three years.
✅ Exploited vulnerabilities in SAP, Oracle, and SharePoint remained top initial access vectors.

Prediction:

📞 Voice-based phishing will continue to rise in 2026, with attackers refining impersonation techniques.
🛡️ Organizations investing in employee awareness and multi-layered authentication will better withstand vishing attacks.
🌐 Expect cross-industry campaigns targeting high-value IT assets, combining social engineering with zero-day exploits for maximum impact.

References:

Reported By: cyberscoop.com