FBI Warns of Increased Vishing Attacks
There is a new form of phishing being used against corporations, and it has gained the attention of the FBI. Vishing is a form of phishing using a phone call or Voice over IP (VoIP). This technique is yet another way hackers are taking advantage of employees working from home during the pandemic.
The increase in vishing attacks began in mid-July. Criminals registered look-alike domain names for the companies they intended to target, then built fake VPN sites resembling each target company’s own VPN login page. Hackers were also able to spoof caller ID, so the number they were calling from appeared to belong to the corporation itself. The next step was to find an employee to target. Hackers searched social media sites and were able to find names and email addresses for employees of the target companies.
Krebs on Security reported hackers would typically target new employees, and even create fake LinkedIn pages to gain their trust. Many of the attackers would pose as in-house IT helpdesk employees, convince a user they needed to use a different site for VPN access, and then ask for two-factor authentication (2FA) or one-time passwords (OTP) in order to help the new employee with a technical issue. Once the criminals gained access to the internal systems, they could basically move about freely. Hackers could collect customer data to be released later or encrypt data to be ransomed back to the company.
The FBI Cybersecurity Advisory does not list the individual companies targeted, but many believe this is the method used in the recent Twitter hack. The FBI recommended several measures for companies, including restricting VPN connections to managed devices only and employing the principle of least privilege, where employees only have access to the data they need to do their job.
For employees, the FBI report recommends checking web links carefully for misspellings, bookmarking the correct VPN page and never deviating from it, and being suspicious of unsolicited calls or emails asking for login credentials. Unfortunately, new employees are often not yet familiar with internal IT practices and norms.
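The look-alike domain trick described above, and the advice to check links for misspellings, can be partly automated on the defender's side. What follows is an added example, not code from the original post or from the FBI advisory: a small Python triage script that compares observed hostnames (for instance from a certificate-transparency or newly-registered-domain feed) against the organisation's real VPN portal and reports why a name looks like an impersonation. The portal `vpn.example-corp.com`, the brand name, the homoglyph table and the sample hostnames are all constructed for the example; the registrable-domain logic is deliberately simple and assumes two-label suffixes such as `.com`.

```python
"""Look-alike domain triage for a corporate VPN portal (added defensive example)."""
from typing import List, Optional, Tuple

# Constructed values standing in for a real organisation's VPN portal and brand name.
LEGIT_VPN_HOST = "vpn.example-corp.com"
BRAND = "example-corp"

# Character substitutions commonly seen in look-alike names, mapped back to the
# characters they imitate. Multi-character entries are listed first so they are
# folded before the single-character ones (dicts keep insertion order).
HOMOGLYPHS = {
    "rn": "m", "vv": "w", "cl": "d",
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
}


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Crude registrable-domain extraction: the last two labels.

    Assumption: good enough for .com/.net/.org sample data. A real deployment
    would consult the Public Suffix List so that names under e.g. .co.uk work.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def fold_homoglyphs(name: str) -> str:
    """Map look-alike characters back to the letters they imitate."""
    for fake, real in HOMOGLYPHS.items():
        name = name.replace(fake, real)
    return name


def classify(candidate: str) -> Optional[str]:
    """Return why `candidate` looks like an impersonation of LEGIT_VPN_HOST, or None."""
    candidate = candidate.lower().rstrip(".")
    legit_reg = registrable(LEGIT_VPN_HOST)
    cand_reg = registrable(candidate)
    if cand_reg == legit_reg:
        return None  # under our own registrable domain: assumed legitimate
    if candidate.startswith(LEGIT_VPN_HOST + "."):
        return "legitimate hostname embedded as a subdomain of another domain"
    cand_sld, _, cand_tld = cand_reg.partition(".")
    legit_sld, _, legit_tld = legit_reg.partition(".")
    if cand_sld == legit_sld and cand_tld != legit_tld:
        return "same name registered under a different TLD"
    if fold_homoglyphs(cand_sld) == legit_sld:
        return "homoglyph substitution"
    if levenshtein(cand_sld, legit_sld) <= 2:
        return "typosquat (edit distance <= 2)"
    if BRAND.replace("-", "") in cand_sld.replace("-", ""):
        return "brand name combined with extra words in an unrelated domain"
    return None


def scan(hosts: List[str]) -> List[Tuple[str, str]]:
    """Run classify over a batch of observed hostnames and keep the flagged ones."""
    flagged = []
    for host in hosts:
        reason = classify(host)
        if reason:
            flagged.append((host, reason))
    return flagged


# Constructed sample: hostnames as they might appear in a certificate-transparency
# or newly-registered-domain feed, mixed with the organisation's own names.
OBSERVED = [
    "vpn.example-corp.com",
    "sso.example-corp.com",
    "vpn.examp1e-corp.com",
    "vpn.exampe-corp.com",
    "vpn.example-corp.net",
    "example-corp-vpn.com",
    "vpn.example-corp.com.secure-login.net",
    "vpn.unrelated-inc.com",
]

if __name__ == "__main__":
    for host, reason in scan(OBSERVED):
        print(f"{host:45} {reason}")
```

Flagged names are candidates for a takedown request, a block on the web proxy and DNS resolver, and a heads-up to the helpdesk so that staff recognise the name if a caller mentions it; the script only triages, it does not decide on its own that a domain is malicious.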
Download the entire FBI report here.
Quanexus IT Support Services for Dayton and Cincinnati