New Cyberattack Targeting Remote Workers

Remote work, which became widespread with the onset of the coronavirus, has opened many businesses up to security threats. Today, we’re going to talk about a newer threat called vishing, or voice phishing.

Warnings from Federal Agencies

The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation are currently warning about this issue. Vishing works like any other phishing attack, except that it’s conducted through a voice call instead of an email or message.

These two agencies have warned that cybercriminals have recently started a vishing campaign directed at those who work from home. By stealing login credentials for corporate networks, criminals are turning a profit by selling them to other criminals.

The Vishing Strategy

Cybercrime groups register look-alike domains that mimic legitimate company resources, then build phishing sites to host on them. Usually, these domains are structured like:

  • [company]-support
  • support-[company]
  • ticket-[company]
  • employee-[company]

These pages also look a lot like a company’s login page, which makes it easy to trick employees into logging in with their credentials. Once the attackers have these credentials, they can access the network.

Once this page is complete and ready to be used, the criminal groups begin to research a company’s employees so that they can build an entire profile on each of them. This includes names, phone numbers, addresses, workplace titles and even how long an employee has been employed at their company. Then they use spoofed or random VoIP numbers to call employees and gain their trust.

With this trust, the attacker directs the targeted employees to the spoofed VPN page. If the attackers succeed, they have access to a real account through the credentials they have now been given. Now, they can collect data and extract it for financial gain.

Identifying Scams

Always be suspicious of unsolicited messages, including calls and voicemails. Always verify the identity of the person you are speaking to. Keep track of the phone numbers and internet domains you are led to. Never visit a website if you are instructed to over the phone. For more help with vishing, give MyTek a call today at 623-312-2440.
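The domain structures listed under The Vishing Strategy can be checked for automatically in DNS or proxy logs. The following is an added example, not code from the agencies or from MyTek; the company name "examplecorp", the function names and the sample log entries are constructed assumptions, and it goes slightly beyond the list by checking every label of a hostname rather than only the registered domain.

```python
# Flag hostnames that follow the look-alike naming patterns listed on this page.
# "{c}" stands for the company label; all sample data below is constructed.
PATTERNS = ("{c}-support", "support-{c}", "ticket-{c}", "employee-{c}")


def match_pattern(hostname, company, own_domains):
    """Return the pattern a hostname fits, or None if it looks unrelated."""
    host = hostname.lower().rstrip(".")  # DNS names are case-insensitive
    # Skip the organisation's own domains and anything beneath them.
    if any(host == d or host.endswith("." + d) for d in own_domains):
        return None
    wanted = {p.format(c=company.lower()): p for p in PATTERNS}
    # Check each label except the last (the TLD), so names under
    # multi-label suffixes such as .co.uk are still caught.
    for label in host.split(".")[:-1]:
        if label in wanted:
            return wanted[label]
    return None


def find_lookalikes(queries, company, own_domains):
    """queries: iterable of (user, hostname) pairs taken from a DNS/proxy log."""
    hits = []
    for user, hostname in queries:
        pattern = match_pattern(hostname, company, own_domains)
        if pattern is not None:
            hits.append((user, hostname, pattern))
    return hits


# Constructed sample log entries for a fictional company "examplecorp".
SAMPLE_QUERIES = [
    ("alice", "vpn.examplecorp.com"),               # real company resource
    ("bob", "support-examplecorp.com"),
    ("carol", "examplecorp-support.co.uk"),
    ("dave", "www.ticket-examplecorp.net"),
    ("erin", "Employee-ExampleCorp.example.org"),
    ("frank", "support.examplecorp.com"),           # subdomain of own domain
    ("grace", "examplecorp-supporters.org"),        # not an exact pattern match
]
OWN_DOMAINS = {"examplecorp.com", "examplecorp.net"}

if __name__ == "__main__":
    for user, host, pattern in find_lookalikes(SAMPLE_QUERIES, "examplecorp", OWN_DOMAINS):
        print(f"{user} resolved {host} (matches {pattern})")
```

A hit is a reason to ask the user whether they received a phone call directing them to that address, and to reset their credentials if they entered them there.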
