XTB Adds In-App Call Verification to Combat Voice Phishing

XTB has introduced a real-time call verification feature within its investment app to address rising voice phishing attacks targeting retail investors. The feature allows users to confirm whether incoming calls claiming to be from XTB representatives are legitimate, introducing a second layer of authentication tied directly to the firm’s application rather than relying solely on verbal verification during calls.

Rise in Voice Phishing Attacks

The rollout comes as cyber threats shift toward exploiting human behavior rather than system vulnerabilities. According to data referenced by the company, vishing activity rose significantly in 2024, reflecting a broader trend in cybercrime where attackers rely on direct communication channels to bypass traditional security measures. Industry data shows a sharp increase in voice-based fraud, where attackers impersonate financial institutions to gain access to client accounts.

How the Feature Works

The new feature allows users to request confirmation within the app during a phone call. If the call originates from XTB, a real-time notification verifies the identity of the caller, reducing the risk of impersonation.

In addition to verifying calls, the feature changes how users authenticate themselves when interacting with customer support. Instead of answering multiple security questions, clients can approve a push notification within the app. This reduces reliance on knowledge-based authentication, which can be compromised through data breaches or social engineering. Real-time confirmation through a secure channel provides an alternative method tied to the user’s device.

Security as Core Platform Feature

The addition of call verification highlights a shift in how trading platforms approach security, with greater emphasis on user-facing tools that address specific fraud vectors. As communication channels expand, verification methods are being adapted to cover interactions beyond login and transaction authorization.

Voice-based fraud has been a persistent issue in financial services, particularly where attackers exploit trust in phone-based communication. Embedding verification within the app creates a controlled environment where users can confirm identities independently.

Omar Arnaout, Chief Executive Officer of XTB, commented: “The safety of our clients’ accounts is our top priority. At a time when global cyberthreats are evolving faster than ever before, we believe financial institutions should lead with innovation and responsibility. We want every XTB client to feel empowered, informed, and fully confident during every interaction with our team.”

Broader Industry Implications

The introduction of in-app verification tools reflects a wider industry response to evolving cyber threats. As attackers focus on exploiting human interaction, security measures are shifting toward real-time validation and multi-channel authentication.

For retail investors, these changes affect how they interact with platforms, particularly in situations involving account access or support requests. The balance between security and usability remains a key consideration, as additional steps can affect user experience.

For brokers, such features also affect operational processes, as customer support interactions need to align with new authentication methods. This may reduce handling time but requires integration across communication systems.

XTB said the feature is now available within its app, positioning it as part of a broader effort to strengthen account protection as cyber threats continue to evolve.