SAT content for AI vishing (voice deepfake impersonation) and Teams helpdesk impersonation
T
Tabrez Usman
We would like to request additional Security Awareness Training (SAT) content covering emerging social engineering attack methods not currently addressed in a dedicated way:
AI vishing / voice deepfake impersonation
Attackers using AI-generated voice to impersonate executives (e.g. CEO/CFO) over phone calls
Often combined with urgency and social engineering to trigger payments or credential disclosure
Collaboration platform impersonation (e.g. Microsoft Teams)
Attackers initiating calls or chats pretending to be internal IT/helpdesk
Used to social engineer users into approving MFA requests, sharing credentials, or granting remote access
While existing SAT content covers phishing, spear phishing, deepfakes, and social engineering broadly, these attack types are becoming more common and would benefit from dedicated training scenarios and/or simulations.
This would ideally include:
Scenario-based training episodes
Realistic simulations (similar to phishing campaigns)
Guidance on how to verify identity in voice/chat channels
These threats are actively being discussed in the industry and would provide strong value in improving user awareness and resilience.