The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) recently issued an advisory in response to a voice phishing (vishing) campaign. Cybersecurity expert Brian Krebs, who reports on his website, Krebs on Security, analyzed the threat to the industries being exploited by cybercriminals.
With numerous employees working remotely due to the coronavirus pandemic, those criminals are finding ways to circumvent security protocols and to monetize the breaches.
“The COVID-19 pandemic has resulted in a mass shift to working from home, resulting in increased use of corporate virtual private networks (VPNs) and elimination of in-person verification,” the alert reads. “In mid-July 2020, cybercriminals started a vishing campaign — gaining access to employee tools at multiple companies with indiscriminate targeting — with the end goal of monetizing the access.”
In his story, Krebs says: “The agencies said the phishing sites set up by the attackers tend to include hyphens, the target company’s name, and certain words — such as ‘support,’ ‘ticket’ and ‘employee.’ The perpetrators focus on social engineering new hires at the targeted company, and impersonate staff at the target company’s IT helpdesk.”
Read the full story at Krebs on Security.
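
The naming pattern the agencies describe (company name, hyphens, and words such as "support," "ticket" and "employee") can be used as a triage check over hostnames seen in DNS or proxy logs. The following is an added example, not code from the advisory or from Krebs on Security; the company name `examplecorp`, the function names and the sample hostnames are constructed assumptions, and a flagged name is a lead for review rather than proof of phishing.

```python
import re

# Words the advisory says tend to appear in the phishing site names.
LURE_WORDS = ("support", "ticket", "employee")

def advisory_traits(host, company, own_domains):
    """Return which of the advisory's naming traits a hostname shows."""
    host = host.strip().lower().rstrip(".")
    # The organisation's real domains and their subdomains are out of scope.
    # Matching on "." + domain keeps "support-examplecorp.example" from being
    # mistaken for a subdomain of "examplecorp.example".
    if any(host == d or host.endswith("." + d) for d in own_domains):
        return []
    name = host.rsplit(".", 1)[0]  # drop the top-level label
    if company not in name:
        return []  # the company name is the required trait
    traits = ["company-name"]
    if "-" in name:
        traits.append("hyphen")
    tokens = re.split(r"[.\-]", name)
    for word in LURE_WORDS:
        if any(word in t for t in tokens):
            traits.append("word:" + word)
    return traits

def triage(hosts, company, own_domains):
    """Rank hostnames showing the company name plus at least one other trait."""
    hits = []
    for h in hosts:
        traits = advisory_traits(h, company, own_domains)
        if len(traits) >= 2:
            hits.append((h, traits))
    return sorted(hits, key=lambda x: (-len(x[1]), x[0]))

# Constructed sample: hostnames as they might appear in DNS or proxy logs.
SAMPLE_HOSTS = [
    "vpn.examplecorp.example",             # legitimate subdomain
    "support-examplecorp.test",
    "examplecorp-ticket.test",
    "employee-portal.test",                # lure word but no company name
    "examplecorp.invalid",                 # company name only
    "EXAMPLECORP-Employee-Support.test.",  # mixed case, trailing dot
]

if __name__ == "__main__":
    for host, traits in triage(SAMPLE_HOSTS, "examplecorp", ["examplecorp.example"]):
        print(host, traits)
```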