Voicemail is insecure and can be broken into through multiple techniques. If your applications employ a mechanism to deliver an OTP/2FA code via voice call, ensure that they are not sending them to voicemail.

https://blog.assetnote.io/2021/06/27/uber-account-takeover-voicemail/