One method is to send a voicemail message generated by artificial intelligence (AI), seemingly from a panicked child or grandchild, to a family member. The message urges the family member to send money, often through a bogus bank link.
“The everyday vishing script is a high-pressure, ‘urgent problem’ phone call,” Nathan House, CEO of StationX, a UK-based cybersecurity training platform, told The Epoch Times.
“The caller spoofs your bank’s number, claims your account is compromised, and needs you to ’verify' a one-time passcode they just texted—actually your real two-factor code.
“Other variants impersonate police, utility companies, or a panicked relative demanding emergency funds.
“The hallmarks are a trusted name on caller ID, an emotional or financial threat, and a demand for immediate action—usually sharing credentials, reading back a code, or wiring money.”
She warned that while current AI voice cloning technology is only able to stick to a script and cannot react spontaneously to questions or responses in real time, it is only a matter of time until it actually learns to behave more like humans and can be weaponized against them.
“If I feel like I’m actually talking to a relative of mine, I will be more willing to lend them money, because I’m convinced that this is the actual person that I’m talking to, and this is really dangerous,” Lapienyte said.
House said the FBI report shows how prevalent the phishing or spoofing problem has become.
“Phishing, spoofing, and their offshoots—voice phishing or vishing, smishing, QR phishing—have been the workhorses of cybercrime for years because they’re cheap to run and scale to millions of targets with almost no technical skill,” he said.
Lapienyte said it is becoming cheaper to scam people using voice cloning.
“In 2020, if you wanted to clone a voice, you would need probably around 20 minutes of recording,” she said.
“These days, with AI and automation, and other innovations, you just need a couple of seconds of someone’s voice, and you can ... make a recording resemble the person that you are trying to impersonate.”
House said scammers only need a few seconds of audio, such as “a TikTok clip or a brief wrong-number call,” to make a convincing replica using AI voice cloning tools.
“That lowers the cost and skill barrier dramatically,“ he said. ”Criminals no longer need studio-quality samples or lengthy recordings. So they can scoop up snippets posted online, feed them into a free cloning engine, and start dialing.”
According to the IC3, people older than 60 suffered losses of nearly $5 billion from cybercrime in 2024 and submitted the most complaints to the agency.
Scammers bought spoofing software, such as Interactive Voice Response, from the site, which generated 112.6 bitcoin ($1.08 million) for Fletcher and his associates.
“Voice deepfake heists remain rare headlines, but they’re almost certainly underreported because companies dread the reputational hit,” House said.
“Only a handful have surfaced publicly, yet business-email-compromise losses—into which these CEO voice scams fit—are already measured in billions each year.
“It’s plausible that deepfake voice fraud has siphoned off many millions collectively.”
House said most incidents have been written off as wire transfer fraud.
Lapienyte agreed that there is underreporting of vishing and other scams—especially among the elderly, who are often ashamed to admit that they have been scammed “because they are feeling lonely and they don’t want to be ridiculed.”
“It’s imperative that the public immediately report suspected cyber-enabled criminal activity to the FBI.”
“They’re that big. They’re that organized. They’re that well-funded,” she told The Epoch Times in a recent interview.
Lapienyte also said the Southeast Asian cyberscamming industry is now more likely to conduct large-scale vishing attacks than to just go for the “big fish.”
She said that while the scammers may target the elderly and those who live alone, the targets are often selected at random.
“It could be anybody,” Lapienyte said. “Scammers also have their favorite times to scam, during holidays or in the mornings, when people are more relaxed or not thinking clearly.”
She noted that elderly people are often targeted by romance fraudsters.
“In those romance scams, they are building a totally new persona,” Lapienyte said. “So they can definitely fake a voice, but I think it’s more dangerous when they manage to fake the voice of someone like a relative, or maybe someone in the company, or someone you know. ... It’s way more personal.”
Lapienyte said voice cloning has also presented dangers for the media.
“Before AI arrived, you would verify that the person is a person,” Lapienyte said. “So you would pick up the phone and call them, just have a little chat, check this is a human being I’m talking to.”
She said AI is now able to fake videos as well as voices, making it harder to verify that an interviewee is a genuine person.
Lapienyte said that while AI is improving every day, at the moment, voice cloning software is unable to perfectly mimic humans and often sounds robotic or lacks a sense of humor.
She said it has none of the pauses, slips of the tongue, or unfinished sentences that humans make when they speak.
“But they will get there, I think, sooner rather than later, and then it’s going to be really scary,” Lapienyte said.
In the video, Nesbitt says, “AI voice cloning fraud is on the rise, and anyone can become a victim.”
House said a code word between family members “is a simple, effective speed bump.”
“If someone calls sounding like your son begging for bail money, [ask] for the agreed phrase—something no outsider could guess,“ he said. ”It forces the impostor to break character, or hang up.”
He said it is not foolproof but is a low-tech defense that could dramatically weaken voice cloning scams.
Lapienyte pointed to the reality of most calls: “The problem is that when someone close to you is calling, you don’t try to verify their identity. You don’t put up protective shields, ‘Is my mom really calling?’
“And you know, I don’t really want to live in that world where we do that.”
House said banks and other financial organizations could do much more to tackle vishing and spoofing.
“Banks should require out-of-band confirmation—callbacks to a known number—before any high-value transfer and never rely on voice alone,” he said.
He said the telecommunications industry should also “aggressively label or block spoofed numbers.”
“Cybersecurity teams can run staff through vishing drills, adopt AI detection that flags synthetic voices, and place explicit warnings like ‘We will never ask for a code over the phone’ into every customer touchpoint,” House said.
“Together, these measures raise the cost for scammers and add friction at the critical moment of decision.”
