Voice phishing, or vishing, is a common way criminals target us. Using this phone-based approach, fraudsters attempt to collect, and often succeed in collecting, personal data that can be used to turn a profit.
The FBI has recently warned that companies and organizations are increasingly being targeted by these kinds of voice phishing, or “vishing,” attacks. Whether you are in charge of security at the enterprise level or in your home, it’s important to be aware of this potential security issue.
In the January 14 Private Industry Notification (PIN), the FBI warned of an increase in the use of social engineering to target remote workers for access to company networks and data.
“[C]yber criminals collaborated to target both US-based and international-based employees’ [sic] at large companies using social engineering techniques. The cyber criminals vished these employees through the use of VoIP platforms…. During the phone calls, employees were tricked into logging into a phishing webpage in order to capture the employee’s username and password… thus allowing them to gain further access into the network often causing significant financial damage,” the notification stated.
While the notification stated that the issue has been under investigation by the Bureau since at least 2019, it mentions that the potential for vishing attacks has increased due to greater difficulty managing and maintaining secure access to networks in the wake of the Covid-19 pandemic.
There is plenty you can do to protect your company and your family. The FBI’s notification ends with a series of suggestions to mitigate the risks of vishing and social engineering on company networks, including:
- Enabling multi-factor authentication (MFA) for employee accounts.
- Granting new hires network access on a least-privilege scale, and reviewing employee network access rights.
- Scanning for signs of unauthorized access and unusual network activity.
- Breaking up larger networks into smaller segmented ones to increase oversight and control of network activity.
- Giving network administrators separate accounts with varying access for system administrative activities and day-to-day tasks such as email.
Cyberscout offers powerful tools and real-life humans to help you navigate the new cyber landscape. You may already have Cyberscout services through your insurance carrier, employer or your financial service provider.
See the PIN here.