In terms of cybersecurity, the online threat posed by AI can have a very significant impact on individuals and organizations around the world. Traditional phishing scams evolved through the development of abuse of AI tools and are becoming more and more frequent every year, refined and difficult to detect. Artificial intelligence fishing may be the most concerned of these evolving technologies.
What is ai vishing?
Artificial intelligence phishing is the evolution of voice phishing, where attackers pretend to be trusted individuals, such as bank representatives or technical support teams, induce victims to perform actions such as transferring funds or handing over their accounts.
AI enhances the bait scam with techniques including voice cloning and mimicking trustworthy personal voices. Attackers can use AI to automate calls and conversations, allowing them to target large numbers of people in a relatively short period of time.
AI in the real world waiting to be fished
Attackers use AI phishing technology without distinction, and target everyone from vulnerable people to businesses. These attacks proved to be very effective, with Americans losing 23% of their wine from 2023 to 2024. To put it in the context, we will explore some of the most compelling AI Vishing attacks that have occurred in the past few years.
Italian business scam
In early 2025, scammers used AI to imitate the voice of Italian Defense Minister Guido Crosetto in an attempt to deceive some of Italy’s most prominent business leaders, including fashion designer Giorgio Armani and Prada co-founder Patrizio Bertelli.
As Crosetto’s impersonation, the attackers claimed emergency financial assistance was needed to release the kidnapped Italian journalist in the Middle East. In this case, only one goal is the target of the scam – Massimo Moratti, former owner of Inter Milan, and police managed to retrieve the stolen funds.
Siege hotels and travel companies
According to the Wall Street Journal, AI fishing attacks on the hotel and travel industries increased significantly in the last quarter of 2024. Attackers use artificial intelligence to mimic travel agencies and company executives to trick former outdoor workers into leaking sensitive information or granting unauthorized access to the system.
They do this by instructing a busy customer service representative to open an email or browser with a malicious attachment during peak operational hours. Telephone scams are considered a “persistent threat” due to their outstanding capabilities of partners who work with hotels through AI tools.
Romantic scam
In 2023, attackers used artificial intelligence to mimic the voices of family members in distress, with the scam about $200,000. It’s hard to spot scam calls, especially for older people, but it’s almost impossible to spot when the sound on the other end of the phone sounds like a family member. It is worth noting that this incident happened two years ago – since then, voice cloning has become more complicated.
AI Vishing-As-A-Service
Over the past few years, AI Vishing-As-As-Service (VAAS) has been a major contributor to AI Vishing growth. These subscription models can include spoofing features, custom prompts and adaptive agents that allow bad actors to launch AI phishing attacks on a massive scale.
In Fortra, we have been following Puglvalley, one of the major players in the AI Vishing-As-Service Market. These efforts give us an in-depth understanding of threat groups and, perhaps more importantly, clearly demonstrate advanced and complex capture attacks.
Plugvalley: ai vaas discovered
Punkvalley’s Vishing Bot allows threatening participants’ deployment lifespan, customizable sounds to manipulate potential victims. The robot can adapt in real time, mimicking human voice patterns, spoofing caller IDs, and even adding call center background noise to voice calls. It makes the AI Vishing scam as convincing as possible, helping cybercriminals steal bank margins and one-time passwords (OTPs).
Plugvalley removes the technical barriers for cybercriminals and offers scalable fraud technology when clicking a button’s nominal monthly subscription.
AI VAAS providers, such as Plugvalley, are not just running scams; they are industrial phishing. They represent the latest evolution in social engineering, allowing cybercriminals to weaponize machine learning (ML) tools and take advantage of people’s strengths.
Prevent AI fishing
In the coming years, AI-driven social engineering technologies such as AI Vishing will become more common, effective and complex. Therefore, it is important for organizations to implement proactive strategies such as employee awareness training, enhanced fraud detection systems and real-time threat intelligence, i.e.
On a personal level, the following guides can help identify and avoid attempts to capture AI:
- Sceptical about unsolicited calls: Promote caution through unexpected calls, especially those that require personal or financial details. Legal organizations typically do not require sensitive information over the phone.
- Verify caller identity: If the caller claims to represent a known organization, please independently verify his identity by contacting the organization directly using the official contact information. Wired recommends creating a secret password with your family to detect Vishing attacks claimed to be from family members.
- Restrict information sharing: Avoid disclosing personal or financial information during unsolicited calls. Be especially alert if the caller has a sense of urgency or threatens negative consequences.
- Educate yourself and others: Please inform us about common phishing strategies and share this knowledge with friends and family. Consciousness is a key defense against social engineering attacks.
- Report suspicious phone number: Provide information about fishing attempts to relevant authorities or consumer protection agencies. Reporting helps track and mitigate fraudulent activity.
According to all signs, the AI will stay here for fishing. In fact, it may continue to increase the number and improve execution. With the prevalence of deep litigation and the ease of adoption of using AS-A-Service models, organizations should predict that at some point, they will be subject to targets.
Employee education and fraud detection are key to preparing for and preventing AI capture attacks. The complexity of AI phishing can even convince highly trained security professionals that seemingly authentic demands or narratives. Therefore, a comprehensive, layered security strategy integrating technical assurance with a consistently informed and vigilant workforce is crucial to mitigating the risks posed by AI phishing.
