The Call Center Phone Is the New Fraud Inbox
Your email security stack has never been better. Spam filters, link scanners, DMARC, sandboxing -- organizations have spent years and millions building walls around the inbox. Attackers noticed. They stopped knocking on the front door.
They started calling instead.
That shift is opening a new entry point for fraud, insider risk, and data theft that most organizations are not equipped to close.According to Mandiant's M-Trends 2026 report, voice phishing has now overtaken email as the primary social engineering vector. Email phishing dropped to just 6% of confirmed initial access methods in 2025. Voice phishing rose to 11%overall -- and hit 23% in cloud-related compromises.
This is not a coincidence. It is a calculated response to better perimeter defenses. And it has a very specific target: environments where humans answer phones for a living and hold the keys to highly valuable data.
The Unscreened Channel
Email has layers of inspection before it reaches a human. A phone call has almost none. Caller ID can be spoofed. AI voice cloning tools can replicate a tone, an accent, even a specific person's speech patterns. By the time an agent picks up, the attacker already controls the script.
Call centers, BPOs, and service desks are attractive targets for exactly this reason. Agents are trained to be helpful. High volume, shift changes, and turnover mean institutional memory is thin. And the access they have -- customer records, financial data, account controls -- is exactly what attackers want.
The Coinbase breach makes the stakes clear. Criminals bribed overseas support agents at TaskUs to pull customer records -- up to 200 per day-- eventually recruiting supervisors and team leads into the scheme. One compromised agent became a structured internal conspiracy that exposed 69,000 customers and cost an estimated $65 million in downstream fraud. Marks &Spencer lost an estimated £300 million after attackers social-engineered a third-party IT help desk, impersonating executives to manipulate password resets.
These are not edge cases. Unit 42's 2025 incident response data found that 36% of all breaches began with a social engineering tactic. The phone has become the preferred entry point because it bypasses the tools organizations have already invested in.
AI Makes It Worse
The skill floor for voice-based attacks has dropped significantly. Deepfake voice generation, real-time accent modulation, and AI-generated scripts mean an attacker no longer needs to be a gifted social engineer. They just need the right tools and a target.
You can train an employee to look twice at a suspicious link. It is much harder to train them to doubt every caller who knows internal process language, references a real ticket number, or sounds exactly like the person they claim to be. The more convincing the attack, the more the burden falls on the systems watching what happens after the call.
The 22-Second Problem
Mandiant's M-Trends 2026 data documents a clear division of labor in modern attacks: one group gains access through social engineering,then hands it off to a separate group for data theft or fraud. The median hand-off time has collapsed from over eight hours to 22 seconds.
Twenty-two seconds. Less time than it takes to escalate a suspicious ticket or pull up a monitoring dashboard. If your detection strategy depends on a human noticing something is wrong and acting on it, you are already too late.
The conversation itself cannot be reliably screened. The agent cannot always tell the difference. The only layer that can stop the damage is what happens at the endpoint the moment access is used -- and it has to move faster than any human workflow can.
You Need Real-Time. Not Reports.
Slowing down to investigate after the fact is not a security posture. It is a cleanup plan.
The common thread across every major BPO breach -- Coinbase,Marks & Spencer, Roblox -- is not attacker sophistication. It is that organizations had no visibility into endpoint activity until long after the damage was done. Data was leaving. Accounts were being accessed outside their normal role. Nothing caught it in time.
InnerActiv is built for exactly this environment. Its endpoint AI continuously monitors user behavior in real time -- not by flagging known threats, but by recognizing when behavior stops matching what is expected for that user, that role, and that moment. A support agent pulling records at ten times their normal rate. A contractor accessing systems outside their job scope. InnerActiv catches it at the point of action, not in the post-mortem.
The phone call you cannot screen. The insider you did not know was compromised. The 22-second window before the damage is handed off.
You cannot stop every conversation. You can stop what happens next.
Most AI Governance Tools Are Blind at the Moment That Matters
AI didn't create new threat vectors. It gave existing ones a makeover. The same behaviors that have always preceded an incident are still there. They just look like productivity now. They pass every policy check. And unless you already have context on that user, that data, and what normal looks like for both, you're not going to catch it.
The AI Risk You Were Warned About Is Already Here
For years, security leaders heard the same predictions: AI would transform the insider threat landscape. Employees would leak sensitive data into unmanaged tools. Attackers would exploit AI integrations to move laterally through enterprise environments. That future arrived. The numbers confirm it, and so do the breach reports.
