Mytek Logo
MyTek Logo

New Cyberattack Targeting Remote Workers

by | Aug 31, 2020 | MyTek Blog, Security


Subscribe To The Blog

By subscribing to the blog, you will be notified when a new blog post is created on the site.

Remote work, which has been made super popular due to the onset of the coronavirus, has opened a lot of businesses up to security threats. Today, we’re going to talk about a newer threat called vishing, or voice phishing.

Warnings from Federal Agencies

Currently, this issue is being pressed by the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation right now. Just like any other phishing attack, vishing is the same, but instead, it’s conducted through a voice call instead of an email or message.

These two agencies have warned that cybercriminals have recently started a vishing campaign that is directed at those who work from home. With using login credentials from corporate networks, criminals are turning a profit by selling them to other criminals.

The Vishing Strategy

Cybercrime groups are using registered facsimile domains to mimic legitimate company resources before they develop phishing sites to live on. Usually, these domains are structured like:

  • [company]-support
  • support-[company]
  • ticket [company]
  • Employee-[company]

These pages also look a lot like a company’s login page, which makes it easy to trick employees into logging in with their credentials. Then, the hackers have these credentials and the hackers can access the network.

Once this page is complete and ready to be used, the criminal groups begin to research a company’s employee so that they can build an entire profile on them. This includes names, phone numbers, addresses, workplace titles and even how long an employee has been employed at their company. Then they will use spoofed or random VoIP numbers and will call employees to gain trust.

With this trust, the attacker will direct targets at employees so they go to the spoofed VPN page. If they succeed, they have access to a real account through the credentials they have now been given. Now, they can collect data air extract it for financial gain.

Identifying Scams

Always be suspicious of unsolicited messages, which even include calls and voicemails. Always verify the identity of the person you are speaking to. Keep track of phone numbers and internet domains you are led to. Never visit a website if you are instructed to over the phone. For more help with vishing, give MyTek a call today at 623-312-2440.


Tim - Team

Tim Tiller, LMSW

Tim Tiller, MSW brings a deep service background to his role at Mytek, having graduated from McDonald’s management training program, fresh out of high school, and working his way up through the ranks in the hospitality industry. He has led two prior companies – Multi-Systems Inc., an IT-focused organization providing technology to hospitality companies (where he was named President at age 36), and most recently, as Chief Operating Officer for Jewish Voice Ministries International.


Subscribe To This Author

By subscribing to the author, you will be notified when a new blog post is created by the author.


Top 5 Hardware Monitoring Software 

Did you know that almost 40% of servers had at least one outage in the last twelve months? Veeam reports that the most common reason for outrages is infrastructure failure which puts the current hardware monitoring practices under the scanner. Hardware failures are...

Types of Mobile Malware & How to Defend Against Them

Malware has a long history of undermining computer security and stealing critical data. With the rapid growth of mobile usage, we're now seeing a new breed of mobile malware infecting smartphones and tablets. The new-age mobile malware are more advanced, seamless, and...

How to Protect Your Data Privacy & Enhance IT Security

Every time you use a device, you enter, modify or access data. Some of your usages are routine and public but sometimes you perform tasks that are confidential in your personal life or business. Naturally, this type of data is private and it should be kept that way....

Mobile? Grab this Article!

QR Code

Blog Archive

Share This