Disclosed are various embodiments for detecting replay attacks in voice-based authentication systems. In one embodiment, audio is captured via an audio input device. It is then verified that the audio includes a voice authentication factor spoken by a user. If it is determined that the audio includes unexpected environmental audio in addition to the voice authentication factor that has been verified, one or more actions may be performed.