Over Easter weekend 2025, Marks & Spencer's IT help desk received a call from someone claiming to be an M&S employee. The caller was convincing. The help desk – run by third-party provider Tata Consultancy Services – reset the credentials. The attackers were inside before anyone realized what had happened.
The breach went undetected for months. By the time M&S suspended online orders on April 25, ransomware had already encrypted critical systems across 1,049 stores. The company lost an estimated £300 million in annual profit. Its market cap dropped more than £500 million. Online sales were down for 46 days.
No zero-day. No malware delivered via email. A phone call to a help desk agent who had never practiced this scenario.
That is what voice phishing looks like in 2025. If your security awareness program is built primarily around suspicious emails, here is what you are not preparing your organization for.
1. Voice phishing is now the #2 initial access vector – and it's not close
For years, email phishing was the way in. Not anymore.
Mandiant's M-Trends 2026 report, built on more than 500,000 hours of incident response investigations conducted in 2025, found that voice phishing climbed to the second-most commonly observed initial infection vector, appearing in 11% of all intrusions where a vector could be identified. Email phishing, which accounted for 22% of intrusions as recently as 2022, has dropped to just 6%.
In cloud environments specifically, the numbers are starker. Voice phishing was the single most common initial attack vector, accounting for 23% of cloud-related compromises – ahead of third-party compromise, stolen credentials, and email phishing combined.
The reason is structural. Automated email gateways are getting better. Vishing sidesteps them entirely. There is nothing for a filter to catch in a phone call. The attack happens in real time, with a human or an AI steering the conversation, adjusting to whatever the target says. That adaptability is what makes it effective – and what makes it resistant to the technical controls that have made email phishing less reliable.
Your training program was built for a threat that has retreated to 6% of intrusions. The threat at 11% – and climbing – receives almost no simulation time in most organizations.
2. The IT help desk is the most targeted entry point in the enterprise
M&S wasn't an anomaly. It was part of a documented campaign.
The playbook Scattered Spider used against MGM in 2023 – LinkedIn reconnaissance, help desk impersonation, credential reset, MFA bypass – has since been replicated across hundreds of organizations. The same group hit Caesars Entertainment, Co-op, Harrods, US insurers, and airlines, each time using the same foundational technique. Mandiant now tracks multiple threat clusters running help desk vishing as their primary initial access method, including UNC3944, which has been running these campaigns since at least early 2022.
Why the help desk? Because it is structurally designed to be helpful. Agents operate under pressure to resolve issues quickly. They answer calls from employees they have never met. They have the access to reset credentials and disable MFA factors – exactly what an attacker needs.
Okta has observed that attackers frequently ask IT to reset all MFA factors for targeted accounts. The help desk agent complies because the request sounds like a routine locked-out-employee call. The conversation ends. The attacker is inside.
Most security awareness programs simulate suspicious emails to end users. Almost none simulate the specific scenario facing help desk staff: a caller who knows the employee's name, their manager's name, their department, and their job title – because all of it was on LinkedIn – requesting a credential reset with appropriate urgency. The gap between what attackers practice and what help desk staff have practiced is where most of these breaches begin.
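The help desk "reset all MFA factors" step described above also leaves a trail that an identity team can watch. As an added example that is not from the article or from Frame Security, the script below correlates a help-desk factor reset with a login shortly afterwards from an address outside the user's history; the event names, fields and sample events are constructed assumptions loosely modelled on an Okta-style system log, not a real schema.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (not a real log). Event names and fields
# are assumptions loosely modelled on an Okta-style system log.
SAMPLE_EVENTS = [
    {"ts": "2025-04-19T09:02:00", "event": "user.mfa.factor.reset_all",
     "actor": "helpdesk.agent", "user": "j.doe", "ip": "10.0.5.21"},
    {"ts": "2025-04-19T09:11:00", "event": "user.mfa.factor.activate",
     "actor": "j.doe", "user": "j.doe", "ip": "203.0.113.44"},
    {"ts": "2025-04-19T09:13:00", "event": "user.session.start",
     "actor": "j.doe", "user": "j.doe", "ip": "203.0.113.44"},
    {"ts": "2025-04-19T10:30:00", "event": "user.mfa.factor.reset_all",
     "actor": "helpdesk.agent", "user": "a.smith", "ip": "10.0.5.21"},
    {"ts": "2025-04-19T10:45:00", "event": "user.session.start",
     "actor": "a.smith", "user": "a.smith", "ip": "192.0.2.10"},
]

# Constructed baseline: addresses each user has logged in from before
# (in practice, built from a trailing window of successful sessions).
KNOWN_IPS = {"j.doe": {"192.0.2.7"}, "a.smith": {"192.0.2.10"}}


def find_suspicious_resets(events, known_ips, window=timedelta(hours=2)):
    """Return {user: details} for every help-desk 'reset all MFA factors'
    event that is followed, within `window`, by a session from an address
    outside the user's baseline. A reset followed only by logins from
    known addresses (a.smith here) is treated as a routine lockout."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO-8601 sorts lexically
    flagged = {}
    for i, ev in enumerate(events):
        if ev["event"] != "user.mfa.factor.reset_all":
            continue
        user, t0 = ev["user"], datetime.fromisoformat(ev["ts"])
        for later in events[i + 1:]:
            if later["user"] != user:
                continue
            delta = datetime.fromisoformat(later["ts"]) - t0
            if delta > window:
                break  # events are sorted, nothing later can be in-window
            if (later["event"] == "user.session.start"
                    and later["ip"] not in known_ips.get(user, set())):
                flagged[user] = {"reset_by": ev["actor"], "login_ip": later["ip"],
                                 "minutes_after_reset": int(delta.total_seconds() // 60)}
                break
    return flagged


if __name__ == "__main__":
    for user, info in find_suspicious_resets(SAMPLE_EVENTS, KNOWN_IPS).items():
        print(f"ALERT {user}: {info}")
```

The rule is a triage signal, not proof of compromise: it pairs naturally with a help desk verification step (call-back to a number on record, manager confirmation) before factors are reset at all.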
3. The voice is no longer a signal. Employees need to learn to read the call.
Voice phishing has always worked because humans are wired to trust a voice. AI has removed the last reason to think you could detect a fake one.
Modern voice cloning tools can produce a convincing replica of a specific person's voice from as little as three seconds of audio. Earnings call recordings, podcast appearances, LinkedIn video posts, internal town hall recordings – all of it is source material. If your CFO has ever spoken publicly, their voice can be cloned.
In 2024, a finance worker at Arup approved a $25 million wire transfer on a video call. The CFO was on the call. So were several senior executives. Every face and every voice was a deepfake. The employee saw nothing that looked wrong. Fortune's 2026 analysis confirmed what that incident demonstrated: the average listener can no longer reliably distinguish a cloned voice from the real one.
This changes what employees need to be trained to detect. The voice is no longer a reliable signal. The structure of the call is where the red flags live – the urgency, the secrecy, the request that bypasses normal process. An employee who has never been walked through that distinction, under simulated pressure, will not identify it in the moment a real call arrives.
4. Callback phishing has made email gateways irrelevant for an entire attack category
The email your security gateway scanned was clean. That's the point.
Callback phishing – where attackers send an email containing only a phone number, with no malicious link or attachment – increased 500% in Q4 2025. Forty-three percent of BEC attacks now contain a callback element. The email passes every filter because there is nothing technically malicious in it. The social engineering happens on the call your employee makes in response.
The most common callback pretexts involve fake invoice notifications from financial services providers, fake subscription renewal alerts, and vendor impersonation. The email looks like a routine billing notice. The number connects to an attacker who walks the employee through "canceling the charge" – which requires account credentials, payment details, or remote access to "process the refund."
This attack type is almost never covered in security awareness training. Employees have been drilled to look for suspicious links. Nobody told them that the suspicious thing might be a phone number in an otherwise clean-looking email.
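A callback email carries nothing a signature can match, but its shape can still be scored. As an added example that is not from the article, the heuristic below rates constructed sample messages on the traits this section describes (external sender, billing pretext, a phone number, urgency, and no link or attachment); the keyword list, threshold and sample messages are assumptions, not a vendor's detection logic.

```python
import re

# Loose North American phone pattern; tune per region.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)
PRETEXT_WORDS = ("invoice", "subscription", "renew", "charge", "refund", "cancel")
URGENCY_RE = re.compile(r"within \d+ hours|immediately|today")

# Constructed sample messages (senders and numbers are not real).
SAMPLE_MESSAGES = [
    {"from": "billing@example-pay.test", "internal": False, "attachments": 0,
     "body": "Your annual subscription of $499.99 has been renewed. "
             "To cancel this charge call 1-800-555-0142 within 24 hours."},
    {"from": "it-notices@corp.test", "internal": True, "attachments": 0,
     "body": "Reminder: the help desk number is 555-0100 for password issues."},
    {"from": "ar@vendor.test", "internal": False, "attachments": 1,
     "body": "Please find attached invoice 10422. Pay via https://vendor.test/pay"},
]


def callback_score(msg):
    """Return the list of callback-phishing traits present in one message."""
    body = msg["body"].lower()
    hits = []
    if not msg["internal"]:
        hits.append("external_sender")
    if PHONE_RE.search(msg["body"]):
        hits.append("phone_number")
    # The defining trait: the only "call to action" is a number to dial.
    if not URL_RE.search(msg["body"]) and msg["attachments"] == 0:
        hits.append("no_link_or_attachment")
    if any(w in body for w in PRETEXT_WORDS):
        hits.append("billing_pretext")
    if URGENCY_RE.search(body):
        hits.append("urgency")
    return hits


def triage(messages, threshold=4):
    """Return (sender, traits) for messages meeting the trait threshold,
    for routing to a human review queue rather than outright blocking."""
    return [(m["from"], callback_score(m)) for m in messages
            if len(callback_score(m)) >= threshold]


if __name__ == "__main__":
    for sender, traits in triage(SAMPLE_MESSAGES):
        print(f"REVIEW {sender}: {traits}")
```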
5. Multi-channel attacks are the new baseline, and single-channel training has no answer for them
A vishing attack rarely starts with a phone call.
The pattern Mandiant has documented most frequently begins with an email or SMS that establishes a pretext – a fraud alert, a password expiry warning, a security notice – and then escalates to a call that references it. The email isn't the attack. It's the setup. The M&S and MGM breaches both followed this structure: context established across one channel, access obtained through another. Multi-channel phishing campaigns combining voice, SMS, and email increased 97% in 2025.
This matters for training design, not just threat awareness. An employee who has been trained to recognize a suspicious email will not automatically connect that email to the call they receive three hours later asking them to "verify" their response to it. The two events feel unrelated. That disconnection is intentional.
Effective training has to simulate the full sequence – the email, the follow-up call, the pressure on the call – not just individual channels in isolation. A phishing simulation that tests email click rates and a vishing simulation that tests call compliance are both necessary. Neither is sufficient alone.
6. The regulatory environment is formalizing vishing simulation as a baseline requirement
The compliance window for getting ahead of this is closing.
In February 2026, New York's Department of Financial Services issued the first state-level regulatory advisory specifically addressing voice phishing – treating it as a distinct, regulated risk category rather than a subcategory of general phishing. The FBI issued a formal advisory in May 2025 about AI-generated voice messages targeting U.S. government officials. Mandiant's M-Trends 2026 executive edition specifically named help desk vishing as a risk requiring its own defensive strategy, separate from email phishing controls.
The trajectory is the same one email phishing simulation followed a decade ago: advisory, then expectation, then requirement. Organizations that treat vishing simulation as optional today are in the same position as organizations that treated email phishing simulation as optional in 2015. They were compliant until they weren't – and the breach came before the mandate.
Building the muscle before the requirement is formal is the only version of this that actually protects you.
A static content library has no answer for any of these six trends
The six trends above share a structural problem: none of them are addressed by annual training built from a fixed library.
A vishing simulation that uses a generic help desk script doesn't prepare your team for a caller who knows your employee's actual name, actual manager, and actual job title – the way Scattered Spider did before calling M&S and MGM. A deepfake awareness video doesn't prepare a finance employee for a live video call where every face on screen looks and sounds like a colleague they recognize. A callback phishing module built six months ago doesn't reflect the specific pretexts attackers are using this quarter.
The gap between what attackers know about your organization and what your training reflects is where breaches begin.
Frame Security is built to close that gap. Frame's Phishing Simulator generates voice phishing simulations built around your actual org – your executives, your IT workflows, your real vendor relationships – in minutes, not months. When a new vishing campaign hits a peer organization on Monday, your help desk team can be running a simulation built around that exact pretext by Monday afternoon. Not a generic module. A scenario built for your environment.
Because your attackers already know your company. Your training should too.
TL;DR
- The M&S breach started with a call to a third-party help desk agent – credential reset, no technical exploit, £300M in lost profit, 46 days of suspended online orders
- Voice phishing is now the #2 initial infection vector globally per M-Trends 2026 – and the #1 vector in cloud environments at 23% of intrusions
- Email phishing has dropped to 6% of intrusions; the threat has moved to the phone
- AI voice cloning has crossed the indistinguishable threshold – the voice is no longer a reliable signal; employees need to be trained on the structure of the call, not the sound of the voice
- Callback phishing – a clean email with only a phone number – increased 500% in Q4 2025 and bypasses every email security gateway
- Multi-channel attacks combining voice, SMS, and email increased 97% in 2025; training that covers only email is training for last year's threat
- Regulatory pressure is formalizing vishing simulation as a baseline expectation – the compliance window for getting ahead of it is closing