The Federal Bureau of Investigation (FBI) and Certified Information Systems Auditor (CISA) warn the public about rampant voice phishing during the global pandemic caused by COVID-19. The security agencies explained that "vishing" campaigns are currently more efficient because most people are working from home.
Authorities claimed that after the pandemic forced companies to adopt work-from-home (WFH) arrangements for their employees, they saw an increase in voice phishing, or vishing, campaigns. CISA and FBI's cybersecurity advisory revealed the case and provides end users and companies with tips on how they can protect their database against the new scheme.
"The COVID-19 pandemic has resulted in a mass shift to working from home, resulting in increased use of corporate VPN and elimination of in-person verification," wrote the security agencies.
"Prior to the pandemic, similar campaigns exclusively targeted telecommunications providers and internet service providers with these attacks," they added.
Krebs on Security first reported the malicious act, stating that a group of cybercriminals that uses social engineering techniques and custom phishing sites to steal employees' VPN credentials is currently marketing a vishing service.
Why the malicious act mostly targets new employees
The hackers tend to focus on new hires, disguising themselves as new IT personnel of the companies. To gain new employees' trust, the infiltrators even create fake LinkedIn pages.
The cybercriminals compile the company's documents containing information gathered from marketing tools, publicly available background checks, and public profiles. After luring the victims, the hackers send the new hires a fake VPN link that requires log-in details.
The unsuspecting victims would approve their phones' two-factor prompts or input OTP verification numbers, believing that they need to access it because they gave the fake IT staff their account information.
This article is owned by TechTimes,
Written by: Giuliano de Leon.