
Vishing Prevention Software: Lessons From the Dutch Deepfake Bank Fraud

Case Study

Written by

Brightside Team

Published on

A Deepfake Opened 47 Bank Accounts. Voice Is the Next Front: How to Choose Vishing Prevention Software

In Amsterdam, a 34-year-old man opened 47 fraudulent accounts at ABN AMRO, one of the largest banks in the Netherlands, without ever walking into a branch. He did it through the bank's mobile onboarding flow, which asks an applicant to photograph an ID and take a selfie so an automated system can confirm the two faces match. Using face-swap software, he blended his own features onto the photos of stolen identity documents until each selfie matched its ID well enough to pass. The bank mailed debit cards to accounts opened in other people's names, 47 times. He was convicted in June 2026 and sentenced to 30 months, with the court ordering him to repay the bank more than 13,000 euros (ECLI:NL:RBAMS:2026:6093, reported by DutchNews and analyzed by iProov).

What should stop any security leader is how ordinary the tools were. He harvested identity documents by posting a fake apartment listing on Marktplaats and asking interested renters to send a passport and a payslip "to verify" their application. The deepfakes came from off-the-shelf software. The scheme ran for months and was caught not by the automated check but by a human reviewer who noticed one application paired a woman's ID with a selfie showing a man's face. The verification system confirmed the face matched the document. It had no way to confirm the face was real.

That same generative capability does not stop at the camera. The toolkit that grafts a face onto a stolen passport photo also clones a voice from a minute or two of audio. And the channel where most of your employees still extend trust by default, the phone, has almost none of the controls a bank wraps around account opening. If a synthetic face can defeat a verification system built to stop exactly that, a synthetic voice on an ordinary call is the more immediate worry, because almost nothing stands between it and the person who picks up.

Why the bank's deepfake problem is your voice problem

It is worth being precise about what happened in Amsterdam, because the lesson that transfers is not the obvious one. ABN AMRO was not the victim of voice phishing. It was beaten at identity proofing, in what Dutch prosecutors called a biometric injection attack: synthetic imagery fed into a verification pipeline that checked for a match but not for a living, present human. That is a know-your-customer problem, and the fix for it lives in the bank's onboarding stack, not in its phone lines.

But look at what bracketed the technical attack on both ends, and the relevance to everyone else becomes clear. On the front end, the fraud started with social engineering: real people, in a competitive housing market, handed over their passports because a "landlord" asked them to. On the back end, the accounts were not the goal. They were mule accounts, used to launder cash and to run follow-on bank-helpdesk fraud against other victims. The compensation the court ordered included reimbursing someone who lost money to that helpdesk scam. The deepfake sat in the middle of a chain whose first and last links were both ordinary human manipulation.

Voice is where that manipulation scales next, because the economics just changed. The defining example is the 2024 case in which a finance employee at the engineering firm Arup joined a video call with what looked like the company's CFO and several colleagues, every one of them a deepfake, and transferred roughly 25 million dollars. The same toolkit that produced that call now produces a single cloned voice on demand. An attacker no longer needs a fluent native speaker, a convincing accent, or a script delivered without nerves. They need a short sample of the person they want to imitate, and for executives and IT leaders that sample is often sitting in a public webinar, an earnings call, or a conference recording.

So the durable takeaway from the ABN AMRO case is not "buy better liveness detection," though banks should. It is that synthetic media has made impersonation cheap and convincing across every channel at once, and the channel your staff are least prepared for is the one ringing on their desk.

Vishing is now a top way into financial firms

This is no longer a fringe vector, and the most credible threat reporting now says so plainly. Mandiant's M-Trends 2026 ranked voice phishing the second most common initial infection vector observed in 2025, present in 11 percent of intrusions where investigators could identify how the attacker first got in. Verizon's 2026 Data Breach Investigations Report went a step further and began tracking pretexting over synchronous voice and chat as its own category, separate from email phishing, accounting for roughly 6 percent of initial access against email's 16. When the two most-cited incident datasets in the industry both carve out voice as a distinct way in, the category has matured.

The financial sector sits squarely in the blast radius, for a simple reason: the actions attackers want are the actions your people are authorized to take by phone. The FBI's 2025 Internet Crime Report tied business email compromise, which increasingly rides on a confirming phone call, to more than 3 billion dollars in reported losses, and AI-related complaints to nearly 893 million. The targets follow the authority and the access:

  • The help desk. Groups operating in the Scattered Spider mold call IT support, impersonate an employee, manufacture urgency, and talk an analyst through a password or MFA reset. The phone is the weapon because a human can be pressured in ways a login form cannot.

  • Finance and accounts payable. A cloned executive voice confirming an "urgent, confidential" wire, or a vendor calling to update bank details, turns a routine approval into a payout.

  • Anyone who controls a SaaS login. Clusters tracked as ShinyHunters and UNC6040 have used vishing to coax credentials and one-time codes out of employees, then pivoted into Salesforce, Okta, and Microsoft 365 to steal data for extortion, as Google's threat intelligence team documented.

The broader telemetry points the same way, even if the precise figures should be read as directional. Widely cited vendor reporting put the rise in voice phishing across the second half of 2024 at 442 percent, and analysts at Deloitte have projected generative-AI-enabled fraud losses approaching 40 billion dollars by 2027. Methodologies vary and these numbers are not directly comparable, but the direction is not in dispute, and it is corroborated by the harder Mandiant and Verizon datasets.

Why "just listen for the glitch" stopped working

The instinctive defense, training people to recognize a fake by ear, is already obsolete, and it is worth being blunt about why so that nobody builds a program on it.

People cannot reliably hear the difference. In a 2026 study of how listeners judged synthetic versus genuine voices in realistic vishing clips, participants averaged about 37.5 percent accuracy (arXiv). That is worse than a coin flip, because the cues humans reach for, warmth, hesitation, the right accent, are exactly what modern voice cloning reproduces well. "Does this sound like them?" is no longer a usable control, and leaning on it actively works in the attacker's favor.

Machine defenses on the voice channel are not a finished answer either. Research published in 2026 found that current voice-cloning methods can bypass automated speaker-verification systems, and that anti-spoofing detectors trained on known synthesis techniques generalize poorly to methods they have not seen (arXiv). Voice biometrics still have a place as one signal among several, but treating a voiceprint as proof of identity invites the same failure ABN AMRO hit: a check that confirms a match without confirming authenticity. Caller ID deserves even less trust, because it is trivially spoofed, and a number that resolves to "Finance" or to a known vendor is precisely what an attacker will arrange to show.

The throughline across all of these is that voice is not a trust anchor. Anything an employee can see on the screen or hear in their ear can now be manufactured. A defense that survives that fact cannot depend on the target detecting the fake.

What actually stops voice phishing: a verification reflex you can rehearse

If the fake is undetectable in the moment, the control has to live in the process, not the perception. The single rule that holds regardless of how convincing the caller is: no sensitive action completes on the strength of a phone call alone. Moving money, resetting a credential or MFA factor, enrolling a new device, granting remote access, changing a vendor's bank details, exporting customer data, any of these requires confirmation through a separate, pre-established channel before it proceeds. That confirmation goes to the number or address already on file for the person or vendor, never to a callback number the caller offers or to the number the phone displayed. The caller does not get to choose the channel, and the employee does not skip it because the request feels legitimate. Done right, it does not matter whether the voice is real, because the voice was never what authorized the action.

That is a behavior, and the reason most organizations do not have it is that they wrote it into a policy instead of building it into a reflex. Under pressure, on a call engineered to feel urgent and authoritative, people do what they have practiced, not what a document tells them. A finance manager who has never refused a convincing "CFO" before will hesitate to do it for the first time at the worst possible moment. The goal is to make stopping, verifying through the known channel, and reporting the attempt the path of least resistance, so often rehearsed that it is automatic.

Technology helps at the edges, but it is important to be clear about what each layer does and does not cover, because none of it removes the human decision:

  • Telecom authentication such as STIR/SHAKEN lets the originating carrier sign a per-call attestation of how confident it is that the caller is entitled to the displayed number, at one of three levels (full, partial, or gateway), which the terminating carrier verifies. That is useful, but it is deployed in only some countries, calls that enter from legacy or international networks arrive unattested or at the weakest level, and even a fully attested call speaks only to call-path integrity, not to the caller's intent or their authority to make the request. A perfectly attested call can still be a scam.

  • Identity-verification and liveness tools are what ABN AMRO needed, and what banks should add to onboarding. They confirm a real, present person at the point of capture. They protect your customer-facing KYC flow. They do nothing for the call an attacker places to your help desk.
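The rule above, that a sensitive request completes only after confirmation over a channel the organization already holds on file, can be enforced in code rather than left to memory. The gate below is an added example and not code from the page or from any vendor it names; the directory, identifiers, phone numbers and class names are hypothetical. It takes what the call supplied (claimed identity, displayed caller ID, any callback number the caller offered, and the STIR/SHAKEN attestation level if the telephony platform exposes one), selects the callback channel from the directory of record only, issues a one-time code for delivery over that channel, and completes the action only when the code comes back in time. Attestation and caller ID are treated as hints that can raise a flag but never as reasons to skip the callback.

```python
"""Out-of-band verification gate for sensitive requests that arrive by phone.

Added example, not code from the page or from any vendor it names. The
directory, identifiers, numbers and class names are hypothetical.
"""
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable

# Actions that never complete on the strength of a call alone.
SENSITIVE_ACTIONS = {
    "wire_transfer", "password_reset", "mfa_reset", "device_enrollment",
    "remote_access_grant", "vendor_bank_change", "customer_data_export",
}

# Directory of record: the ONLY source of callback channels. Constructed sample.
DIRECTORY = {
    "emp-1042": {"name": "Finance Manager", "callback": "+41441234567"},
    "vendor-77": {"name": "Acme Supplies AP", "callback": "+442071234567"},
}


@dataclass(frozen=True)
class CallRequest:
    claimed_identity: str          # who the caller says they are
    displayed_caller_id: str       # what the phone showed; attacker-controlled
    callback_offered: str | None   # number the caller asked us to use; never used
    action: str
    attestation: str | None        # STIR/SHAKEN level "A", "B", "C" or None


@dataclass
class Decision:
    outcome: str                   # "allow", "deny" or "verify_out_of_band"
    reason: str
    ticket: str | None = None
    channel: str | None = None     # directory-of-record channel, not the caller's
    flags: list[str] = field(default_factory=list)


@dataclass
class _Pending:
    request: CallRequest
    channel: str
    code: str
    expires_at: datetime


class VerificationGate:
    def __init__(self, directory, ttl=timedelta(minutes=15),
                 now: Callable[[], datetime] | None = None):
        self._directory = directory
        self._ttl = ttl
        self._now = now or (lambda: datetime.now(timezone.utc))
        self._pending: dict[str, _Pending] = {}

    def evaluate(self, req: CallRequest) -> Decision:
        if req.action not in SENSITIVE_ACTIONS:
            return Decision("allow", "action is not in the sensitive set")
        entry = self._directory.get(req.claimed_identity)
        if entry is None:
            return Decision("deny", "claimed identity is not in the directory of record")
        flags = []
        # Caller ID is a hint at best. A displayed number that matches the directory
        # while the carrier attestation is weak or absent is a spoofing indicator.
        if req.displayed_caller_id == entry["callback"] and req.attestation != "A":
            flags.append("displayed number matches directory but attestation is "
                         f"{req.attestation or 'absent'}: possible spoof")
        if req.callback_offered and req.callback_offered != entry["callback"]:
            flags.append("caller offered a callback number that differs from the "
                         "directory of record; it will not be used")
        # Even a fully attested call gets no shortcut: attestation speaks to the
        # call path, not to the caller's authority to request this action.
        code = f"{secrets.randbelow(10**6):06d}"
        ticket = secrets.token_hex(8)
        self._pending[ticket] = _Pending(req, entry["callback"], code,
                                         self._now() + self._ttl)
        return Decision("verify_out_of_band",
                        "sensitive action: confirm over the directory-of-record channel",
                        ticket=ticket, channel=entry["callback"], flags=flags)

    def code_to_deliver(self, ticket: str) -> tuple[str, str]:
        """For the delivery component: (channel, code) to send over the directory channel."""
        p = self._pending[ticket]
        return p.channel, p.code

    def confirm(self, ticket: str, code: str) -> bool:
        """Complete the action only if the out-of-band code comes back in time."""
        p = self._pending.get(ticket)
        if p is None:
            return False
        if self._now() > p.expires_at:
            del self._pending[ticket]
            return False
        if not hmac.compare_digest(p.code, code):
            return False
        del self._pending[ticket]   # single use
        return True
```

The delivery step (SMS, push, or a call placed by the organization to the directory number) is deliberately outside the gate, so the component that talks to the caller never learns the code. The `flags` list is for logging and for the analyst's screen; nothing in it changes the outcome, which is the point of the control.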

That leaves the human layer, and the only proven way to harden it is to rehearse it. Generic annual awareness training does not teach a support analyst what to do when a believable caller invents an emergency, because it never puts them in one. Realistic vishing simulation does: it places employees in a safe but convincing version of the real call, measures whether they followed the verification process, and turns each failure into a specific, timely lesson. Run it where the risk concentrates, the help desk, finance, executive assistants, and contact-center staff, and you are training people against AI voice scams the way pilots train in simulators: by failing harmlessly until the right response is muscle memory.

How to evaluate vishing prevention software

A note on the category before the criteria, because the label is loose. "Vishing prevention software," in the sense most security teams actually buy, means AI-driven simulation and awareness platforms that rehearse the human response to a voice attack. That is a different lane from the telecom and liveness tools above, which sit in front of the call or inside KYC. The platforms below do not block calls or detect a live deepfake on the wire. They build and measure the verification reflex that stops the attack from succeeding once it reaches a person. Evaluate them on how well they do that.

Eight criteria separate a serious platform from a checkbox:

  1. Live, adaptive AI calls, not robotic voicemail. The simulation should be a real conversation that responds to what the target says, because that is what an attacker does. Pre-recorded voicemail drops and rigid scripts do not test how someone holds up when a caller improvises around their objections.

  2. Deepfake and voice-cloning support, with governance. Cloning an executive's voice for a simulation is the most realistic test available and the most sensitive. The platform should support it and surround it with consent, access controls, and clear policy, because cloning a named individual carries privacy and employment implications that vary by jurisdiction.

  3. Multi-channel realism. Real intrusions move across channels: a call that follows a phishing email, or a text that primes a later call. Look for coordinated hybrid voice-and-email campaigns (and ideally smishing) run as one workflow, not three disconnected tools.

  4. Role-based targeting. Risk is not evenly distributed. The platform should let you build and aim scenarios at help desk, finance, executives, and contact-center teams, with pretexts that fit each role.

  5. Vishing-specific metrics. Email open rates tell you nothing about a call. You need answer rate, failure rate, call duration, and trend lines over time, so you can show whether the verification reflex is actually improving.

  6. Automatic follow-up training. The teachable moment is right after a failure. Look for remediation that triggers automatically when someone falls for a simulated call, not a report that a manager might act on weeks later.

  7. Compliance and regional fit. For European financial firms operating under NIS2 and DORA, multilingual delivery and audit-ready reporting matter, as does the consent and data handling around recording and cloning voices for tests.

  8. Safety and realism controls. Features like previewing a simulation before it launches, and cooling periods that prevent hammering the same employee, keep a program realistic without becoming punitive or chaotic.
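The vishing-specific metrics in criterion 5 and the cooling period in criterion 8 are simple enough to compute from raw call records, which is also a useful way to check a vendor's dashboard against your own numbers during a trial. The block below is an added example and not code from the page or from any platform it names; the `CallRecord` schema and the call records are constructed, and the failure rate is defined here as failures among answered calls (a buyer should confirm which denominator each vendor uses, since a rate over calls placed looks flattering when many calls go unanswered).

```python
"""Vishing-simulation metrics and cooling-period selection.

Added example, not code from the page or from any platform it names. The
CallRecord schema and the sample records below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta
from statistics import median


@dataclass(frozen=True)
class CallRecord:
    employee: str
    team: str
    wave: str          # campaign wave identifier
    placed_on: date
    answered: bool
    duration_s: int    # 0 when unanswered
    outcome: str       # "verified", "failed", "reported" or "no_answer"


# Constructed sample: two waves against the same six people, three months apart.
RECORDS = [
    CallRecord("alice", "finance",   "W1", date(2026, 1, 10), True,  210, "failed"),
    CallRecord("bob",   "finance",   "W1", date(2026, 1, 11), True,   95, "verified"),
    CallRecord("carol", "helpdesk",  "W1", date(2026, 1, 12), True,  180, "failed"),
    CallRecord("dan",   "helpdesk",  "W1", date(2026, 1, 13), False,   0, "no_answer"),
    CallRecord("erin",  "exec-asst", "W1", date(2026, 1, 14), True,   60, "reported"),
    CallRecord("frank", "helpdesk",  "W1", date(2026, 1, 15), True,  150, "failed"),
    CallRecord("alice", "finance",   "W2", date(2026, 4, 20), True,   70, "verified"),
    CallRecord("bob",   "finance",   "W2", date(2026, 4, 21), True,   40, "reported"),
    CallRecord("carol", "helpdesk",  "W2", date(2026, 4, 22), True,  120, "failed"),
    CallRecord("dan",   "helpdesk",  "W2", date(2026, 4, 23), True,   55, "verified"),
    CallRecord("erin",  "exec-asst", "W2", date(2026, 4, 24), False,   0, "no_answer"),
    CallRecord("frank", "helpdesk",  "W2", date(2026, 4, 25), True,   80, "reported"),
]


def wave_metrics(records, wave):
    """Answer rate over calls placed; failure and report rates over calls answered."""
    placed = [r for r in records if r.wave == wave]
    answered = [r for r in placed if r.answered]

    def rate(subset, base):
        return len(subset) / len(base) if base else 0.0

    return {
        "placed": len(placed),
        "answer_rate": rate(answered, placed),
        "failure_rate": rate([r for r in answered if r.outcome == "failed"], answered),
        "report_rate": rate([r for r in answered if r.outcome == "reported"], answered),
        "median_duration_s": median(r.duration_s for r in answered) if answered else 0,
    }


def failure_rate_by_team(records, wave):
    """Where the risk concentrates: failure rate per team for one wave."""
    teams = sorted({r.team for r in records if r.wave == wave})
    return {t: wave_metrics([r for r in records if r.team == t], wave)["failure_rate"]
            for t in teams}


def trend(records, waves):
    """Failure rate per wave, in order, so improvement (or its absence) is visible."""
    return [(w, wave_metrics(records, w)["failure_rate"]) for w in waves]


def eligible_targets(roster, records, today, cooling=timedelta(days=90)):
    """Who may be called again: never called, or last called at least `cooling` ago."""
    last_call = {}
    for r in records:
        last_call[r.employee] = max(last_call.get(r.employee, date.min), r.placed_on)
    return sorted(e for e in roster
                  if e not in last_call or today - last_call[e] >= cooling)
```

Report rate is tracked alongside failure rate on purpose: a program is working when reports rise as failures fall, not just when failures fall, because an unreported but resisted call leaves the SOC blind to an attacker who will simply try the next desk.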

The five platforms below all run genuine voice simulations and are worth a shortlist. They differ most on call realism, how deep their AI-driven scenario design goes, and whether voice is a first-class capability or one feature inside a broader suite.

Which vishing prevention software is best?

There is no single best tool for every buyer, so the entries below use "best for" positioning rather than a ranking. All five are security-awareness and simulation platforms, evaluated against the criteria above. One name you will expect and will not find as a full entry is KnowBe4: it is the market leader in awareness training overall, but its vishing capability begins at higher tiers and centers on voicemail-style simulations, and the deepfake feature it launched in late 2025 is a training aid rather than an attack simulation, so it is a weaker fit for a voice-first shortlist. The platforms are listed alphabetically.

Arsen

Arsen is a Paris-based, AI-era awareness platform built around modern social engineering across phishing, smishing, and vishing, with messaging aimed at executive protection. Its vishing module uses AI voice cloning and adaptive conversations, and it offers synchronized campaigns that pair a voice call with a phishing email, plus dedicated voice metrics and multilingual delivery that suit European buyers.

Arsen is a strong fit for security teams that want a simulation-first platform with credible multi-channel coverage and a European footprint, particularly where executive impersonation is the headline concern.

Pros

  • AI voice cloning with adaptive, not fully scripted, call flows

  • Coordinated vishing-plus-phishing campaigns

  • Clear European positioning and multilingual support

  • Executive-protection framing that maps to real attacker behavior

Cons

  • Smaller footprint and brand recognition than the large suites

  • Less of a broad content library than incumbents for general awareness training

Brightside

Brightside is a Swiss AI-era simulation platform that covers phishing, vishing, and deepfake scenarios in one product, with unusual depth on the voice side. Its vishing simulator runs live, adaptive AI phone calls that respond in real time, and it builds them through a guided workflow rather than a static template: admins set an attack goal, define a caller persona, and the platform can generate that persona, draft the opening line, and recommend a tactic mix (authority, urgency, reciprocity, and others) with a short explanation of why each works. It supports both voice-only and hybrid attacks that combine a live call with a trackable phishing email in a single campaign, custom voice cloning from a one-to-two-minute recording for executive scenarios, and an in-browser preview so a team can rehearse the call before launching it. A dedicated dashboard tracks answer rate, failure rate, median call duration, and trends, a three-month cooling period prevents retargeting the same employee too soon, and failed simulations trigger follow-up training automatically. Delivery spans English, French, German, and Italian.

Brightside is best for security and fraud leaders who treat AI-era voice and deepfake impersonation as a primary risk and want the most fully developed live-vishing workflow rather than a voice feature bolted onto an awareness suite. It is a specialist tool by design, so teams that primarily need a large general-awareness content library and a broad LMS may want to weigh that scope difference, and the platform builds the human verification reflex rather than detecting deepfakes on a live call or fixing customer-facing KYC.

Pros

  • Live, adaptive AI calls with AI-generated persona, opening line, and recommended tactics

  • Hybrid voice-plus-email attacks in one workflow, with in-browser preview before launch

  • Custom executive voice cloning, vishing-specific metrics, cooling period, and automatic follow-up training

  • Swiss, multilingual (EN, FR, DE, IT) delivery suited to NIS2 and DORA contexts

Cons

  • Specialist simulation focus rather than the broadest general-awareness or LMS breadth

  • Voice cloning of named executives requires deliberate consent and governance

Hoxhunt

Hoxhunt is an enterprise human-risk platform known for adaptive, gamified phishing training and SOC-connected remediation, and it has extended into voice and deepfake scenarios. It supports vishing and voice cloning, can combine email with simulated video meetings, and draws on a very large dataset of simulations and reported threats to benchmark performance across a workforce.

Hoxhunt is a good fit for large enterprises that want adaptive, behavior-change-oriented training at scale and value tight integration between simulation results and security operations, with voice as part of a broader program.

Pros

  • Mature, adaptive training engine with strong behavior-change focus

  • Large benchmarking dataset across many organizations

  • Voice and deepfake scenarios within an integrated platform

  • SOC-connected remediation workflows

Cons

  • Voice is one capability inside a wider suite rather than the central product

  • Enterprise orientation can be heavier than smaller teams need

Jericho Security

Jericho Security is an AI-focused training vendor centered on personalized, multi-channel phishing, with genuine voice and video capability alongside email. It offers vishing with live, adaptive conversations, voice cloning, and deepfake video simulation, positioning itself as an all-in-one AI attack-simulation platform.

Jericho is a strong fit for teams that want rapid, AI-generated multi-channel scenarios and value deepfake video simulation as a first-class feature next to voice.

Pros

  • Live adaptive vishing plus deepfake video simulation

  • AI-generated, personalized multi-channel scenarios

  • Voice cloning support

  • All-in-one positioning across email, voice, and video

Cons

  • Younger platform with a smaller track record than incumbents

  • Breadth can mean less depth on any single channel for some buyers

Keepnet Labs

Keepnet Labs is a broad human-risk-management suite spanning phishing, smishing, vishing, awareness training, reporting, and incident response. Its vishing module offers voice cloning and dedicated voice metrics, and the platform emphasizes compliance-oriented reporting aligned to standards such as ISO 27001 and NIS2, which appeals to regulated buyers.

Keepnet is best for organizations that want vishing inside a wide, compliance-focused human-risk platform rather than a standalone voice specialist. One caveat worth verifying in a demo: its simulated calls lean on AI text-to-speech with template-based scenarios, so confirm how adaptive the conversation actually is against your own test cases.

Pros

  • Vishing within a broad, multi-channel human-risk suite

  • Voice cloning and dedicated vishing metrics

  • Strong compliance and standards-aligned reporting

  • Wide attack-surface coverage and response tooling

Cons

  • Call realism is more template and text-to-speech driven than fully unscripted; test it directly

  • Voice depth is one part of a large suite rather than the core focus

The deepfake that fooled a bank's camera and the cloned voice that fools your help desk are the same capability, bought from the same shelf. Liveness detection will harden the onboarding flow, and call authentication will clean up some of the noise on the line, but neither decides what an employee does when a convincing voice asks them to act now. That decision is where the attack is won or lost, and the only reliable way to settle it in your favor is to make verifying through a second channel a trained reflex that holds up under pressure. Building that reflex is what the software above is for, and the case in Amsterdam is a preview of what it will be tested against.