Voice phishing or vishing schemes are on the rise, specifically targeting people who work from home, the FBI and CISA warn the public…
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are both warning American workers of a huge increase in voice phishing or vishing crimes. These schemes are aimed at employees who are working from home and use some clever techniques to gain sensitive corporate and personal data.
FBI and CISA Warn Work-from-Home Employees of Voice Phishing Scam Surge
These voice phishing or vishing scams mostly center on gaining access to enterprise networks. The criminals pose as legitimate IT professionals, even going so far as to create fake yet believable LinkedIn profiles. They also compile dossiers about their target companies. Then they contact work-from-home (WFH) employees.
When ready, the fraudsters phone or email unsuspecting workers and send them a fake VPN to log in to. Once a worker falls for the scheme by approving two-factor authentication for the bogus VPN, the cyber thieves can gain access to the target company’s network. The hackers then mine the compromised networks for customer, employee, and corporate data for nefarious purposes, like selling it on the dark web or using it for identity theft.
The advisory reads, in part:
“The COVID-19 pandemic has resulted in a mass shift to working from home, resulting in increased use of corporate VPN and elimination of in-person verification, which can partially explain the success of this campaign. Prior to the pandemic, similar campaigns exclusively targeted telecommunications providers and internet service providers with these attacks but the focus has recently broadened to more indiscriminate targeting.”