This paper re-examines the threat of spoofing or presentation attacks in the context of automatic speaker verification (ASV). While voice conversion and speech synthesis attacks present a serious threat, and have accordingly received a great deal of attention in the recent literature, they can only be implemented with a high level of technical know-how. In contrast, the implementation of replay attacks require no specific expertise nor any sophisticated equipment and thus they arguably present a greater risk. The comparative threat of each attack is re-examined in this paper against six different ASV systems including a state-of-the-art iVector-PLDA system. Despite the lack of attention in the literature, experiments show that low-effort replay attacks provoke higher levels of false acceptance than comparatively higher-effort spoofing attacks such as voice conversion and speech synthesis. Results therefore show the need to refocus research effort and to develop countermeasures against replay attacks in future work.