Key Takeaways
- Highly interactive voice phishing is the second-most common cyberthreat vector, making up 11% of incidents.
- Email phishing only makes up 6% of incidents, says a new Google report.
- Voice social engineers can target IT help desks to bypass multifactor authentication.
Voice phishing is getting better and better: It’s now the second most popular initial entry point for cyber attacks, according to Google.
The Google Threat Intelligence Group’s latest report is out from incident response unit Mandiant, and it found that “highly interactive” voice fakery now makes up 11% of vectors observed across 2025.
That’s almost twice as frequent as email phishing attacks (6%), which were once a huge staple of hackers everywhere.
Voice Phishing Surged Across 2025, New Data Shows
“Highly interactive voice phishing saw a significant surge to 11%, becoming the second-most commonly observed vector” in 2025, the report said.
However, it notes that “exploits remained the most common initial infection vector for the sixth consecutive year, accounting for 32% of intrusions.”
What does voice phishing look like in practice? Some groups target IT help desks with the aim of fully bypassing typical security measures like multifactor authentication (MFA) in order to get the initial access to software-as-a-service (SaaS) environments that they need.
Email Phishing Attempts Were Less Frequent
In sharp contrast, email phishing fell to just 6% of intrusions last year. Social engineers appear to be moving to audio and away from text.
Other takeaways from the new report:
- Cybercriminals are a lot faster at handing off initial access in targeted environments: Their window was just 22 seconds in 2025, a huge drop from eight hours in 2022.
- Global median dwell time is 14 days, up from 11 days. This “likely reflects growing sophistication, particularly in evading defenses.”
- Organizations are getting better at spotting threats internally: “52% of the time organizations first detected evidence of malicious activity internally, an increase from 43% in 2024.”
Cyber Criminals Love AI Tools
AI-powered voice phishing is just the start: Once they’ve gained access, hackers can harvest OAuth tokens and session cookies or steal hard-coded keys and personal access tokens. They can then use all that data to infiltrate downstream environments and steal mass amounts of customer data.
The new report joins similarly troubling analyses from recent months.
Most recently, we covered a study by Armis that claimed cyber crime had hit a global “tipping point.” We’ve also heard from yet another study which determined that a full 68% of professionals say existing security tools can’t mitigate new threats.