Discover what great technology looks like!

Phishing is a Threat, Even By Phone

Phishing is a Threat, Even By Phone

Telework has become crucial for businesses to sustain themselves right now, as remote work became a hard and fast requirement in the face of the coronavirus. However, if businesses aren’t careful, they could trade one issue for another in exposing themselves to security threats.

Let’s take a few moments to discuss one threat that many are facing: voice-based phishing, or vishing.

Federal Agencies Have Sounded the Alarm

Both the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have called attention to this variety of phishing. By calling a targeted victim, rather than sending an email or another kind of correspondence, an attacker can potentially pull the wool over their target’s eyes by using a less-expected attack strategy.

Those who are working from home are being targeted by a vishing campaign intended to acquire the access credentials needed to get into corporate networks. Once these credentials are obtained, the cybercriminals responsible can turn around and sell this access to others for their nefarious use.

How These Attacks Are Presenting Themselves

By registering lookalike domains to pose as a company’s actual resources, cybercriminals set themselves up to steal company credentials. These domains can be extremely convincing, often structured in the following ways:

  • support-[company]
  • ticket [company]
  • employee-[company]
  • [company]-support

As these pages replicate a company’s login page to their virtual private network, unwitting users are more likely to enter their credentials. This means that the attacker is then able to capture these credentials—including multi-factor authentication codes—and use them to gain access to the targeted business’ network.

Once these facsimile pages are completed, criminals then do some digging into a company to learn more about their employees. A profile is constructed, with the name, address, phone number, job title, and even length of employment for each employee included. Using this data, a hacker can call their target through a spoofed number and send them to their fraudulent VPN webpage.

This gives the hacker the means to access an employee’s work account, enabling them to collect more data for further phishing efforts or other data theft efforts. These attacks are now being directed to the team members that are currently working from home, making it even more important for your employees to be able to recognize the signs of phishing.

How to Identify Phishing Scams of All Kinds

  • Exercise caution when dealing with unsolicited calls, voicemails, and any other messages from those you don’t know. If you can, double-check that the person is who they claim to be through another means of communication.
  • Double-check the number of a suspected vishing caller, as well as any Internet domains you may be told to navigate to.
  • Avoid visiting any websites that a caller recommends without good reason to trust their legitimacy.

Techworks Consulting, Inc. is here to help you with an assortment of your business’ IT needs and concerns, including your cybersecurity. Give us a call at (631) 285-1527 to learn about the services and solutions we can put in place on your behalf.

What Would Happen if All Data Was Publically Avail...
Tip of the Week: When Do I Need to Clean My Comput...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Friday, 15 November 2024

Captcha Image

Contact Us

Learn more about what Techworks Consulting, Inc. can do for your business.

Call Us Today
Call us today
(631) 285-1527


Headquarters
760 Koehler Ave, Unit #3
Ronkonkoma, New York 11779

HIPAA Seal of Compliance” width=

HIPAA Seal of Compliance” width=

Latest Blog

A compressed file (also known as a zip file) is a handy way to accomplish various tasks, although many people may not know what they are or do. We want to fix that, so we’re going over what a compressed file is and how to make one.

TOP