Why Cybercriminals Prefer a Conversation
- Jun 3
- 1 min read
When most people think about cyberattacks, they picture hackers and sophisticated tools designed to break into systems. But some of the biggest attacks in recent years reportedly started with something much simpler: a phone call.

The attacks affecting M&S and Co-op are believed to have involved staff being targeted over the phone. Similar tactics have also been linked to incidents involving Google, Cisco and Charter Communications.
That's because cybercriminals know that breaking technology is often much harder than manipulating people. A simple conversation gives attackers something other avenues can't. Trust.
When someone calls claiming to be from IT, a supplier, a colleague or even a senior leader, our instinct is to engage. Add a bit of urgency and a believable story and it's easy to see how people can be persuaded to share information, reset passwords or approve access they normally wouldn't.
The reality is that most people want to be helpful. Attackers know that and they exploit it. What's making matters worse is the rise of AI. Voice cloning and caller spoofing are making it increasingly difficult to tell the difference between a genuine request and a malicious one. This isn't about blaming employees. In fact, the opposite is true.
If some of the world's largest organisations can be targeted through social engineering, anyone can. The answer isn't more suspicion. It's better awareness, clear verification processes and giving people the confidence to slow down and question requests that don't feel quite right.
Because sometimes the easiest way into an organisation isn't through a firewall or a software vulnerability.
It's through a conversation.