Voice phishing, also known as vishing, has been around for years. But cybercriminals have taken phone-based scams to a new level of sophistication — and it’s paying off.

By impersonating trusted officials, like customer service representatives at a bank, social engineers con unsuspecting victims out of millions of dollars every year. Vishing is surprisingly easy to fall for, catching even the most careful individuals off-guard. Well-crafted schemes carry all the signs of legitimacy, right down to the correct phone number of a victim’s personal bank.

Social engineering is one of the fastest growing threats to a business’s cyber security. In social engineering attacks, a fraudster works to gain the confidence of a victim and manipulate them to hand over or enter personal, confidential information that can then be used to commit fraud online. In 2016, 60% of enterprises were victims of social engineering attacks. And phishing, a form of social engineering, accounted for 90% to 95% of all successful cyberattacks worldwide in 2017.