Attackers call targets directly, posing as authoritative figures. In one case, criminals used AI deepfake technology to clone the voice of a CEO. In 2019, the head of a UK energy company received a call from what sounded exactly like his boss, demanding an urgent transfer to a supplier. Believing the request was genuine, he wired USD 243,000 to the fraudsters.
When the attackers later called again to request another transfer, the CEO noticed discrepancies in the caller ID and the previous payment status, preventing further losses. This case shows that even voices can be convincingly faked, making voice verification unreliable.
Common Telephone Scams:
Fraudsters frequently impersonate banks, telecoms, or government agencies to pressure victims into providing credentials or payments. Typical examples include: fake bank calls about suspicious transactions, telecom calls claiming unpaid bills with threats of service suspension, or fake police/judiciary calls alleging legal trouble and demanding cooperation. These calls often use stern tones and create a sense of urgency, making victims panic and comply.
Tech support scams are also common: callers claim to be from Apple or Microsoft, warning that a device has been hacked and instructing the user to install “fixing software,” which is actually malware. Such scams exploit trust in authority and fear of problems to manipulate victims.
Fake Internal IT Support:
In some cases, attackers impersonate internal IT staff. For instance, in 2022, communications company Twilio reported a breach after employees received fake IT messages urging them to reset their passwords via phishing links.
Once credentials were stolen, attackers accessed internal systems and customer data. Other attackers have used “MFA fatigue” tactics, repeatedly sending login requests and then calling employees while impersonating IT support, tricking them into providing one-time passcodes or mistakenly approving login attemptssuccessfully bypassing multi-factor authentication.
These incidents highlight the importance of independently verifying any IT-related requests and never following instructions from suspicious calls.
