According to the Quarterly Threat Trends & Intelligence Report co-authored by Agari and PhishLabs, voice phishing has increased by 550% in the last 12 months.

The report found that voice phishing has overtaken business email compromise (BEC) as the second most frequently reported response-based email threat since the third quarter of 2021.

Emails classified as potentially harmful by employees rose to a rate of 18.3% from 2021 to 2022. These malicious emails were broken down into the following threat vectors by percentage. This include attempted credential theft (58.7%), response-based attacks (37.5%), and Malware delivery attempts (3.7%).

Voice phishing in this case fell under the umbrella of response-based attacks, only second only to 419 types of attacks. These 419 attacks accounted for the majority of the attacks logged as response-based schemes at 54.1% of the malicious emails received. BEC came third behind voice phishing attempts with 12.8% of the emails received.

“Hybrid vishing campaigns continue to generate stunning numbers, representing 26.1% of total share in volume so far in 2022. We are seeing an increase in threat actors moving away from standard voice phishing campaigns to initiating multi-stage malicious email attacks. In these campaigns, actors use a callback number within the body of the email as a lure, then rely on social engineering and impersonation to trick the victim into calling and interacting with a fake representative,” said John LaCour, principal strategist at HelpSystems.