We have seen that pretexting has become easier with mail and telephony, as they traditionally have low levels of security built in. It allowed pretexters to set the scene using genuine-looking mails or well-practiced telephone calls. As an organization, it is hard to prevent pretexters without taking very user-unfriendly measures. As a consultant, I have seen companies that require personnel present onsite for a password reset, or do not allow any form of remote access to the office. It is debatable if these kinds of measures really prevent bad things from happening.
As every organization defines where to draw the line, outcomes will differ markedly depending on the type of business, culture, and the risk ...