In the ancient martial art of judo, practitioners don't meet force with equal force. Instead, they leverage their opponent's momentum, redirecting energy and using it against the attacker. A skilled judoka doesn't simply block an opponent's push; they strategically yield, pivot, and transform that forward energy into a disadvantage for the aggressor. This philosophical approach provides a perfect framework for understanding modern voice phishing (vishing) defenses. Just as a judoka uses an opponent's pushing force against them, financial institutions can implement techniques that turn the scammer's primary weapon – the phone call itself – into their greatest vulnerability.

Rising every time it falls 

The banking sector continues to face significant challenges from the growing sophistication of vishing attacks, with 2024-2025 marking a period of unprecedented evolution in these deceptive tactics. Vishing incidents have surged globally, with a documented 30% annual increase in attacks and financial losses reaching $1.2 billion in 2023 alone. Within the APAC region, the landscape is especially concerning, with a 26.9% increase in targeted email attacks from 2023 to 2024 and an astounding 1,530% rise in deepfake cases between 2022 and 2023.

Vishing has evolved from simple deceptive phone calls to sophisticated, multi-layered attacks leveraging advanced technologies and psychological manipulation mastered during the COVID era with the rise of scams that leveraged remote access. As banks reacted to and improved detections of remote access during banking sessions, fraudsters adapted, pivoting away from remote access but keeping the keeping the main feature of those scams intact: the phone call.

Your enemy will have unnatural movement

Vishing increased in 2024 and has shown no signs of slowing down in 2025. Scams based purely on phone calls (such as impersonation scams in Thailand) more than doubled between 2023 and 2024 to a record 168 million.

In India, we’ve seen a rise in digital arrest scams, which are purely phone-based and keep the victim on the phone for extended periods of time. In one such case, a victim was on a video call for more than 24 hours for a scam that lasted a full month.

India’s also seen the emergence of a brand-new scam type: the call-merging scam, which I covered in another recent blog. These scams trick victims into merging the fraudulent call they answered with an incoming call from the victim’s bank, which gives the scammer a one-time password to log into the victim’s account.

The Monetary Authority of Singapore recently warned about a rise in  multi-stage impersonation scams. These scams typically begin with a call from someone claiming to be a Shopee employee. The scammer falsely informs the victim they’d previously signed up for an insurance policy and now face recurring charges.

All over the world, we see investment scams notorious for their excellent phone-based “customer service,” where scammers even provide remote-access support to assist setting up trading platforms and investing new funds. These scams can transpire over multiple calls and days or even months.

Perhaps most concerning is the integration of artificial intelligence into vishing operations, enabling scammers to automate large-scale attacks while maintaining convincing human-like interactions. AI-powered vishing utilizes sophisticated algorithms to analyze and mimic speech patterns, creating scenarios where victims believe they are speaking with legitimate representatives. Voice deepfake technology represents the cutting edge of this trend, allowing scammers to create highly convincing voice replicas of real individuals, including family members, colleagues, or bank officials, making verification of caller identity increasingly challenging for potential victims. One prevalent example involves scammers convincing seniors they are speaking with grandchildren in distress, exploiting emotional connections to facilitate financial fraud.

Against those skilled in attack, an enemy does not know where to defend

The global banking sector continues to implement sophisticated technologies to combat the growing threat of vishing and phone-based fraud. As scammers employ ever more convincing tactics to impersonate financial institutions, banks are developing innovative solutions that can detect, interrupt, and prevent fraudulent calls in real time.

Itaú Unibanco, Brazil's largest bank serving 70 million customers worldwide, has implemented a solution it calls Protect Call designed specifically to combat call center scams. This system actively detects scam attempts during ongoing phone calls and immediately triggers a visual warning on the user's mobile screen displaying Itaú's logo and colors, while simultaneously terminating the suspicious call.

Nubank, one of the largest digital financial services platforms globally with more than 90 million users in Brazil, has implemented two complementary phone security features. The first, Alô Protegido (“Protected Hello” in English) takes a preventative approach by automatically blocking suspicious calls from fake customer service centers.This technology specifically targets calls where scammers attempt to disguise their origin by masking it with Nubank's official contact number, effectively preventing the fraudulent call from ever reaching the customer.

Nubank supplements this protection with Verified Call, a verification tool that allows customers to confirm the legitimacy of incoming calls. When receiving a call purportedly from Nubank, customers can open the bank's app to view a real-time alert on the home screen confirming whether the call is genuinely from the institution or its accredited partners. This verification only works for calls initiated by the company, not when customers proactively contact the bank, creating a reliable authentication mechanism for official communications.

In Australia, Commonwealth Bank partnered with telecommunications giant Telstra to develop Scam Indicator, an innovative real-time detection system that identifies potential scams by correlating banking activities with phone call patterns. The technology provides indicators of whether a customer might be on a phone call while simultaneously making a bank transaction—a key marker of potential scam activity where fraudsters keep victims on the line while directing them to transfer funds. Initial implementations show promise, with CommBank expecting more than a 25% improvement in detection rates for fraudulently opened accounts for joint CommBank and Telstra customers.

True strength is revealed in behaviour

Advanced financial institutions are now deploying sophisticated behavioural intelligence technology to proactively identify and prevent vishing scams in real-time. Leveraging behavioural intelligence, banks create personalized behavioural profiles for each customer over time.

These machine learning- and AI-powered systems can immediately detect suspicious deviations when customers engage in unusual banking activities while on phone calls. This includes initiating uncharacteristic transfers, using speakerphone during sensitive transactions, accessing accounts via unfamiliar devices, demonstrating irregular navigation patterns within banking apps, and more. When these anomalies coincide with active voice calls, especially those involving high-value transactions or account changes, the system automatically generates a risk score and can pause suspicious activities for verification. This continuous authentication approach enables banks to identify potential live scamming scenarios where fraudsters are actively coaching victims by phone, allowing security teams to intervene before financial losses occur.

Victory goes to the one who adapts

As vishing grows more prevalent and the tactics employed to execute it more advanced and emotionally manipulative, banks must continue evolving their defenses with the same agility and precision as a seasoned judoka. From AI-powered scams to deepfake voices and call-merging tricks, the battleground retains one reliable weapon: The phone line. By rethinking the role of the call itself and transforming it from a criminal weapon into a criminal weakness, financial institutions are beginning to flip the script. The most effective vishing defense doesn’t just block attacks—it anticipates, redirects, and exploits the scammer’s own moves.