Every technique described here is documented from real-world incidents and threat intelligence research. We explain how these attacks work so your team recognises them — not to enable them. The best defence against social engineering is always an informed human.
The Rules of Phishing Just Got Rewritten
For twenty years, we taught people to spot phishing by looking for the same things: bad grammar, generic greetings, suspicious sender addresses, unusual links. That training still matters. But the attack landscape has moved so far, so fast, that the old indicators are now table stakes — and the new techniques operate on an entirely different level.
The shift is AI. Not AI as a vague concept, but specific, accessible, cheap tools that let an attacker sound exactly like your CEO, appear on a video call as your IT manager, bypass every email security filter you have, and have a live, convincing conversation in real time. The technology that makes this possible costs less than a monthly gym membership and requires no technical expertise to use.
This article covers seven techniques that are either already active in the wild or have been demonstrated in controlled environments with realistic deployment potential. Some will make you uncomfortable. That's the point.
Technique 01 — AI Voice Cloning Vishing
Modern voice cloning tools — several of which are free or low-cost — can produce a convincing clone of any person's voice from as little as three seconds of audio. LinkedIn videos, YouTube interviews, podcast appearances, company website videos, recorded Teams calls leaked by an insider — all of these are viable source material. The attacker feeds the clip into the tool, and within minutes has a voice model they can type text into and have spoken aloud in the target's voice, in real time, on a phone call.
The attack vector most commonly deployed is the urgent wire transfer scenario. The attacker, posing as the CEO or a senior director, calls the financial controller or accounts payable staff member. The voice is the CEO's. The tone is familiar. The request is for an urgent payment to a new beneficiary — a supplier, a legal settlement, an acquisition deposit — and it needs to happen before close of business today. Don't email. Just do it. I'll explain later.
This attack has cost South African businesses tens of millions of rands. It works because it bypasses every technical control you have — it's a phone call, and the voice sounds exactly like someone your staff trusts implicitly.
Here's a reconstructed example of how such a call sounds — based on a documented incident pattern:
Establish a verbal safe word with your leadership team — a short, random word that must be included in any urgent financial instruction. If the caller doesn't know it, the call is fraudulent. Separately, implement a strict policy: no payment to a new beneficiary without a callback to a pre-verified number — not a number the caller gives you, but the number in your phone book. One extra call is all it takes.
Technique 02 — Deepfake Video Calls
In early 2024, a finance employee at a multinational firm in Hong Kong was convinced to transfer the equivalent of R390 million after a video call in which every participant — including the CFO — was a deepfake. The technology has only become cheaper and more accessible since then. Tools like Deep-Live-Cam can run real-time face and voice replacement on consumer-grade hardware, requiring only a reference photo of the target and a short video clip for the voice.
The attack typically unfolds as follows: the target receives a meeting invitation for an urgent call. On the call, they see a familiar face — their manager, an IT helpdesk technician, an external auditor. The deepfake is plausible enough to pass a quick visual check, particularly on a lower-resolution video call. The attacker then uses the call to request credential resets, MFA bypass approvals, wire transfers, or access to sensitive systems.
A particularly effective variant targets IT helpdesk staff: the attacker poses as a senior executive in an emergency, requesting an immediate password reset without following standard verification procedure. Under the visual authority of a familiar face and an urgent tone, helpdesk staff frequently comply.
Deepfakes still struggle with: edge blur around hair and ears, especially when the person moves quickly; unnatural blinking patterns (too frequent or too infrequent); misaligned lighting — the face is lit differently to the background; and slight audio/visual sync issues when the person moves their head. Ask the caller to turn sideways briefly — profile views are consistently harder for real-time deepfakes to render convincingly. Better yet: require all sensitive video-based authorisations to be followed up with an out-of-band confirmation via a separate channel.
Technique 03 — Quishing (QR Code Phishing)
Your email security gateway scans every link in every email you receive. It detonates attachments in sandboxes. It checks URLs against threat intelligence feeds. It does all of this automatically. It cannot read a QR code.
Quishing — phishing via QR code — exploits this gap completely. The attacker sends an email with no suspicious links, no malicious attachments, and no URL for any filter to evaluate. Just a QR code embedded as an image. The email passes through every layer of your email security. The target scans the code with their phone — which is almost certainly outside your corporate security perimeter, unmanaged, and without any email security context — and is taken directly to a credential-harvesting page or malware download.
Common pretexts include: Microsoft MFA re-enrolment ("scan to verify your account"), parking fine payment notices, parcel delivery confirmation, and HR document signing. Physical quishing — where QR code stickers are placed over legitimate codes on parking meters, restaurant menus, or office printer instructions — brings this attack entirely offline and into physical spaces.
Subject: ACTION REQUIRED: Microsoft Authenticator re-enrolment
Your MFA device registration expires in 24 hours.
Scan the QR code below to re-enrol and maintain access.
[ QR CODE IMAGE — links to: microsoft-auth-portal-za.com/renew ]
If you do not complete this within 24 hours,
your account will be suspended.
IT Support · Greyhat Industries
Train staff to never scan a QR code in an email without first hovering to preview the URL (desktop) or using a QR scanner app that shows the destination URL before opening it. Your IT team should configure email gateways to flag or quarantine emails containing embedded QR code images. And establish a rule: your company will never send an MFA or account action via a QR code — so any email that does is automatically suspicious.
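The gateway-side flag and the "show me the destination first" habit can both be expressed in a few lines. The Python below is an added illustration, not code from the article or from any email security product: it parses a message with the standard library, looks for the quishing signature (lure wording, an image rendered inline, and no URL for the filter to inspect), and separately classifies the URL a scanner app reveals as trusted, lookalike or unknown. The lure patterns, the trusted-domain list, the greyhat.example addresses and the placeholder PNG bytes are all constructed for the example; a real deployment would decode the image with a QR library and feed the decoded URL to destination_verdict.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Lure phrases drawn from the pretexts listed above; extend for your environment (assumed list).
LURE_PATTERNS = [
    r"\bscan (?:the|this) (?:qr|code)",
    r"\bre-?enrol",
    r"\bwithin \d+ hours\b",
    r"\bsuspend",
    r"\bparking fine\b",
    r"\bdelivery\b",
]

# Domains your organisation really uses for MFA and account actions (assumed list).
TRUSTED_SUFFIXES = ["microsoft.com", "microsoftonline.com", "greyhat.example"]
BRAND_TOKENS = ["microsoft", "office365", "authenticator"]


def body_text(msg: EmailMessage) -> str:
    body = msg.get_body(preferencelist=("html", "plain"))
    return body.get_content().lower() if body else ""


def inline_images(msg: EmailMessage) -> list:
    """Image parts that render inside the body (inline, or no disposition at all)."""
    found = []
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            disposition = (part.get("Content-Disposition") or "").lower()
            if "attachment" not in disposition:
                found.append(part.get_filename() or part.get_content_type())
    return found


def triage(raw: bytes) -> dict:
    """Flag the quishing signature: lure language + inline image + no URL to scan."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    text = body_text(msg)
    hits = [p for p in LURE_PATTERNS if re.search(p, text)]
    images = inline_images(msg)
    links = len(re.findall(r"https?://", text))
    quarantine = bool(images) and len(hits) >= 2 and links == 0
    return {"inline_images": images, "lure_hits": hits,
            "link_count": links, "quarantine": quarantine}


def destination_verdict(url: str) -> str:
    """Classify the URL a QR scanner app shows before the user opens it."""
    host = (urlparse(url).hostname or "").lower()
    if any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES):
        return "trusted"
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"   # brand name inside the host, but not the brand's domain
    return "unknown"


def build_sample(with_qr: bool) -> bytes:
    """Constructed message modelled on the lure above; the PNG bytes are a placeholder, not a real QR."""
    msg = EmailMessage()
    msg["From"] = "IT Support <it-support@greyhat.example>"
    msg["To"] = "staff@greyhat.example"
    msg["Subject"] = "ACTION REQUIRED: Microsoft Authenticator re-enrolment"
    if with_qr:
        msg.set_content(
            "Your MFA device registration expires in 24 hours.\n"
            "Scan the QR code below to re-enrol and maintain access.\n"
            "If you do not complete this within 24 hours, your account will be suspended.\n"
        )
        msg.add_attachment(b"\x89PNG\r\n\x1a\n", maintype="image", subtype="png",
                           filename="qr.png", disposition="inline")
    else:
        # Benign reminder: carries a link the gateway can inspect and no image.
        msg.set_content("Reminder: the MFA guide is at https://intranet.greyhat.example/mfa\n")
    return bytes(msg)


if __name__ == "__main__":
    print(triage(build_sample(with_qr=True)))
    print(triage(build_sample(with_qr=False)))
    print(destination_verdict("https://microsoft-auth-portal-za.com/renew"))
```

The lure message is quarantined on the combination of signals, not on any one of them, so an ordinary newsletter with an inline logo passes; the URL from the mock-up above comes back as "lookalike" because the brand name sits in a host that is not the brand's domain.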
Technique 04 — AI-Personalised Smishing
Old smishing was obvious: "SARS refund available, click here." Current smishing is something else entirely. Attackers now combine open-source intelligence (OSINT) with large language models to generate SMS messages that are personalised to the individual target using publicly available information — their name, employer, recent LinkedIn activity, area of residence, and even recent news events relevant to their industry.
The result is a text message that feels like it came from someone with inside knowledge. A dental practice owner might receive: "Hi Dr Sykes, following up on the POPIA compliance consultation we discussed — your submitted documents need a digital signature before Friday. Reply CONFIRM to receive the secure link." The attacker has harvested your name, profession, and a topical compliance concern from public sources, then crafted a message that sounds like a vendor follow-up.
At scale, this is now automated. Tools exist that take a list of phone numbers, scrape OSINT data for each one, and generate personalised phishing SMS messages in bulk using an LLM. What used to cost a skilled social engineer hours of manual research per target now takes minutes per thousand targets.
Technique 05 — Adversary-in-the-Middle (AiTM) Phishing
You've rolled out MFA. You've trained your team not to click suspicious links. Then an adversary-in-the-middle attack walks straight past both of those defences and steals an authenticated session anyway — without ever needing your password or your MFA code.
Here's how it works. The attacker sets up a reverse proxy — a server that sits between the victim and the legitimate site (say, your Microsoft 365 login). The victim receives a phishing link and visits what appears to be the genuine Microsoft login page — because it effectively is, just proxied through the attacker's server. The victim enters their credentials. The victim completes MFA. The session token is issued by Microsoft. The attacker's proxy silently copies that session token. The victim logs in successfully and notices nothing. The attacker replays the stolen session token from their own machine and is now authenticated as the victim — with full access — without ever triggering an MFA prompt.
Toolkits like Evilginx make this deployable by anyone with basic server skills. It is one of the reasons MFA alone is no longer a complete answer to account takeover — and why phishing-resistant MFA (hardware tokens, passkeys) is the next required step.
FIDO2 hardware security keys (like a YubiKey) and passkeys are phishing-resistant by design — they bind authentication cryptographically to the legitimate domain. An AiTM proxy cannot capture a FIDO2 assertion because the key checks the actual origin URL before signing. For your highest-value accounts — CEO, CFO, IT admin, anyone with privileged access — phishing-resistant MFA is no longer optional. It's the gap between "we have MFA" and "we're actually protected."
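Why the proxy cannot capture a usable assertion is easier to see in code. The Python below is an added model of the WebAuthn flow, not code from the article, from Evilginx or from any FIDO2 library: the browser records the origin it is really on and derives the RP ID from it, the authenticator only signs for the RP ID its credential was scoped to, and the relying party checks origin and rpIdHash before the signature. The relying-party values and the proxy domain are constructed, and an HMAC with a shared secret stands in for the credential's key pair so the example runs on the standard library; the binding logic is the same as with a real ECDSA signature.

```python
import hashlib
import hmac
import json
import secrets

# Constructed relying-party values (not Microsoft's real configuration).
RP_ID = "login.microsoftonline.com"
RP_ORIGIN = "https://login.microsoftonline.com"

# Shared secret standing in for the credential's private/public key pair (simplification).
CREDENTIAL_KEY = secrets.token_bytes(32)
REGISTERED_RP_ID = RP_ID      # the credential was created on the genuine site


def rp_id_hash(rp_id: str) -> bytes:
    return hashlib.sha256(rp_id.encode()).digest()


def host_of(origin: str) -> str:
    return origin.split("://", 1)[1].split("/", 1)[0].split(":", 1)[0]


def browser_assert(page_origin: str, challenge: str, enforce_scope: bool = True):
    """Browser + authenticator side. The browser, not the page's script, fills in the
    origin it is actually on; the authenticator signs only for its registered RP ID."""
    rp_id = host_of(page_origin)
    if enforce_scope and rp_id != REGISTERED_RP_ID:
        return None               # "no credential available" on the proxied page
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": page_origin},
        sort_keys=True).encode()
    auth_data = rp_id_hash(rp_id)
    signed = auth_data + hashlib.sha256(client_data).digest()
    signature = hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()
    return {"authenticator_data": auth_data,
            "client_data_json": client_data, "signature": signature}


def rp_verify(assertion: dict, expected_challenge: str) -> tuple:
    """Relying-party side: reject anything not bound to our origin and RP ID."""
    client_data = json.loads(assertion["client_data_json"])
    if client_data.get("challenge") != expected_challenge:
        return False, "challenge mismatch"
    if client_data.get("origin") != RP_ORIGIN:
        return False, "origin mismatch: " + str(client_data.get("origin"))
    if assertion["authenticator_data"] != rp_id_hash(RP_ID):
        return False, "rpIdHash mismatch"
    signed = assertion["authenticator_data"] + hashlib.sha256(assertion["client_data_json"]).digest()
    expected = hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


def login_attempt(page_origin: str, enforce_scope: bool = True) -> tuple:
    """One login. A reverse proxy forwards the RP's challenge unchanged, so the only
    thing that differs on the proxied page is the origin the browser sees."""
    challenge = secrets.token_urlsafe(16)
    assertion = browser_assert(page_origin, challenge, enforce_scope)
    if assertion is None:
        return False, "no credential scoped to " + host_of(page_origin)
    return rp_verify(assertion, challenge)


if __name__ == "__main__":
    print(login_attempt("https://login.microsoftonline.com"))
    print(login_attempt("https://login.microsoft-proxy.example"))
    # Hypothetical authenticator that ignores scope: the RP still rejects the assertion.
    print(login_attempt("https://login.microsoft-proxy.example", enforce_scope=False))
```

A password or a one-time code typed into the proxied page is just text and relays perfectly; the assertion carries the origin inside the signed data, so the proxy gets either nothing (no credential for its domain) or a signature the genuine site refuses.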
Technique 06 — Phantom IT Helpdesk
This one is subtle because the attacker calls you — not the other way around. The attack begins with a spoofed caller ID showing your IT support team's number. The caller claims to be from IT and says they've detected a problem with your account: a failed login from an unusual location, a virus alert, a compliance issue. They need to walk you through a fix right now.
The "fix" involves one of several things: approving an MFA push notification that the attacker is simultaneously triggering from their own login attempt; installing remote access software ("just download this tool so I can fix it for you"); or reading back a code sent to your phone — which is actually an account recovery code. Each of these gives the attacker exactly what they need while the victim believes they're following legitimate IT instructions.
This technique is called MFA fatigue bombing when it involves rapid successive MFA push notifications designed to frustrate the target into approving one just to stop them. Microsoft 365 and Duo users have lost accounts to exactly this. The attacker just keeps triggering pushes until, at 2am or mid-meeting, the target approves one to make it stop.
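The push-bombing pattern is visible in the identity provider's push log long before the 2am approval. The Python below is an added detection example, not code from the article or from Duo or Microsoft: it runs a sliding window per user over push events, alerts when a burst of denied or timed-out pushes crosses a threshold, and escalates when an approval lands while the burst is still in the window. The key=value log format and the sample lines are constructed; map your provider's fields to ts, user, result and ip before use.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed push-notification log (generic key=value format, not real provider output).
SAMPLE_LOG = """\
2024-05-14T02:03:11Z user=jsykes result=timeout ip=198.51.100.7
2024-05-14T02:04:02Z user=jsykes result=denied ip=198.51.100.7
2024-05-14T02:04:45Z user=jsykes result=timeout ip=198.51.100.7
2024-05-14T02:05:30Z user=jsykes result=denied ip=198.51.100.7
2024-05-14T02:06:55Z user=jsykes result=timeout ip=198.51.100.7
2024-05-14T02:08:02Z user=jsykes result=approved ip=198.51.100.7
2024-05-14T09:15:00Z user=amkhize result=approved ip=203.0.113.20
2024-05-14T09:16:10Z user=tnaidoo result=denied ip=203.0.113.21
2024-05-14T09:40:00Z user=tnaidoo result=denied ip=203.0.113.21
"""


def parse_line(line: str) -> dict:
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_push_bombing(log_text: str, threshold: int = 4,
                        window: timedelta = timedelta(minutes=10)) -> list:
    """Alert when a user gets `threshold` or more unapproved pushes inside `window`;
    mark approved_after_burst if an approval follows while the burst is still live."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    recent = defaultdict(deque)      # user -> timestamps of recent unapproved pushes
    alerts = {}                      # user -> alert record
    for e in events:
        q = recent[e["user"]]
        while q and e["ts"] - q[0] > window:
            q.popleft()              # drop pushes that fell out of the window
        if e["result"] in ("denied", "timeout"):
            q.append(e["ts"])
            if len(q) >= threshold:
                alert = alerts.setdefault(e["user"], {
                    "user": e["user"], "first": q[0], "source_ips": set(),
                    "approved_after_burst": False})
                alert["unapproved"] = len(q)
                alert["last"] = e["ts"]
                alert["source_ips"].add(e["ip"])
        elif (e["result"] == "approved" and e["user"] in alerts
              and q and e["ts"] - q[-1] <= window):
            # The approval that finally makes it stop: treat as a likely compromise.
            alerts[e["user"]]["approved_after_burst"] = True
            alerts[e["user"]]["source_ips"].add(e["ip"])
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_push_bombing(SAMPLE_LOG):
        print(alert)
```

On the sample, jsykes trips the alert on the fourth unapproved push and is escalated when the 02:08 approval arrives from the same source address; tnaidoo's two denials are far enough apart that the first has left the window. The approved_after_burst case is the one to act on immediately (revoke sessions, reset the factor), and the burst alone is the cue to move that user to number matching or a phishing-resistant factor rather than a bare approve button.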
Technique 07 — AI-Powered Spearphishing at Scale
Traditional spearphishing required significant manual effort per target — researching the person, crafting a convincing pretext, writing plausible email copy. That friction kept it targeted to high-value individuals. AI has removed that friction entirely.
Current attack pipelines work like this: automated OSINT tools scrape LinkedIn, company websites, news articles, and social media to build a profile of every employee at a target organisation. An LLM then generates a highly personalised email for each individual, referencing their specific role, recent activity, current events in their industry, and mimicking the communication style of their organisation. The emails are grammatically flawless, contextually plausible, and free of every traditional phishing indicator.
One particularly dangerous variant is the internal thread hijack. Having compromised one inbox, the attacker injects a reply into an existing email thread — continuing an active conversation between real colleagues — with a malicious link or attachment. The recipient sees a conversation they've been part of for days, a name they recognise, a topic they were already discussing, and a plausible next step. Click rates on this technique are dramatically higher than cold phishing.
Your Practical Defence Playbook
These attacks are sophisticated. Your defences don't need to be complicated — they need to be consistent. The majority of social engineering attacks succeed not because they're technically unstoppable, but because the human target was never given a clear rule to follow when it happened.
Every one of these techniques is designed to exploit trust and urgency simultaneously. Trust in a familiar voice, a known face, an ongoing conversation. Urgency that bypasses the pause-and-verify instinct. The single most effective defence you can install in your organisation is a culture where slowing down to verify is explicitly rewarded — not treated as an inconvenience or a sign of distrust. The two-minute delay to call back is not paranoia. It's the control.
How Would Your Team Actually Perform?
Greyhat4Hire runs controlled social engineering simulations — including vishing, smishing, and spearphishing — to show you exactly where your human defences break down before a real attacker finds out first.