Kevin Tian’s Post

Vishing is coming up more and more in conversations with customers. With recent attacks linked to groups like ShinyHunters, Scattered Spider, and Lapsus$, protecting employees, call centers, and executives is top of mind. A few concepts we’re spending time on:

Partials: Campaigns where attackers call multiple people, collecting small bits of intel from each interaction, then stitching it together to successfully socially engineer the final target.

Identity vs. Intent Verification: Verifying who is on the phone is one thing. Verifying that they truly intend to make a requested change is another, especially when someone may have been manipulated into calling in the first place.

Deepfakes in Vishing: Voice cloning and synthetic audio are showing up in vishing workflows, putting pressure on traditional voice verification and forcing teams to rethink what “trust” sounds like over the phone.

Social engineering is something we think about every day at Doppel, and the multi-channel threat landscape is evolving fast. Curious to hear how others are approaching this.

This aligns closely with what I’m seeing as 2026 gets underway. Vishing isn’t random anymore... it’s coordinated, intelligence-driven, and multi-step, with partials and pretexting doing most of the work before the “real” call ever happens. A real shift for many organizations is recognizing that confirming identity isn’t the same as understanding intent, especially when someone may already be manipulated into making the request. The teams making progress are redesigning call flows and escalation paths to assume that pressure, urgency, and synthetic voice are part of the "threat model" - including and especially at the executive level.


The partials really strike a chord with me. I've seen this also become multi-channel, with a vishing attack used to socially engineer part of a workflow and to gain insights and credibility, only to use those in a chat session to spring the trap. Deepfakes are getting better every day, it seems. So much so that the whole process of customer verification and KYC checks seems to be at risk. And if sophisticated experts whose job it is to validate someone's identity can't tell the difference, how will your helpdesk agent when they are asked to reset a password or help bypass MFA because a supposed exec's second factor is unavailable? We try to train, but it really isn't fair to the agents to expect them to keep up. It is one thing knowing these types of attacks and situations happen, but it is an order of magnitude more difficult for them to tell when it is happening in real time with all the other pressures they are under.

Kevin — We’re seeing the same shift across banks, telcos, and enterprises, with vishing becoming multi-step and compositional, with “partials” stitched across calls and channels. The identity vs. intent distinction is increasingly where defenses fail, especially when manipulation or synthetic audio is involved. Voice cloning is now showing up in real vishing workflows, putting pressure on static voice verification and pushing teams toward real-time authenticity signals during live interactions. Teams taking a layered, cross-channel approach will be best positioned as this accelerates.
