Get Started Today!  360-491-2227

croom new

PC Technologies Blog

Phishing is a Threat, Even By Phone

Phishing is a Threat, Even By Phone

Telework has become crucial for businesses to sustain themselves right now, as remote work became a hard and fast requirement in the face of the coronavirus. However, if businesses aren’t careful, they could trade one issue for another in exposing themselves to security threats.

Let’s take a few moments to discuss one threat that many are facing: voice-based phishing, or vishing.

Federal Agencies Have Sounded the Alarm

Both the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have called attention to this variety of phishing. By calling a targeted victim, rather than sending an email or another kind of correspondence, an attacker can potentially pull the wool over their target’s eyes by using a less-expected attack strategy.

Those who are working from home are being targeted by a vishing campaign intended to acquire the access credentials needed to get into corporate networks. Once these credentials are obtained, the cybercriminals responsible can turn around and sell this access to others for their nefarious use.

How These Attacks Are Presenting Themselves

By registering lookalike domains to pose as a company’s actual resources, cybercriminals set themselves up to steal company credentials. These domains can be extremely convincing, often structured in the following ways:

  • support-[company]
  • ticket [company]
  • employee-[company]
  • [company]-support

As these pages replicate a company’s login page to their virtual private network, unwitting users are more likely to enter their credentials. This means that the attacker is then able to capture these credentials—including multi-factor authentication codes—and use them to gain access to the targeted business’ network.

Once these facsimile pages are completed, criminals then do some digging into a company to learn more about their employees. A profile is constructed, with the name, address, phone number, job title, and even length of employment for each employee included. Using this data, a hacker can call their target through a spoofed number and send them to their fraudulent VPN webpage.

This gives the hacker the means to access an employee’s work account, enabling them to collect more data for further phishing efforts or other data theft efforts. These attacks are now being directed to the team members that are currently working from home, making it even more important for your employees to be able to recognize the signs of phishing.

How to Identify Phishing Scams of All Kinds

  • Exercise caution when dealing with unsolicited calls, voicemails, and any other messages from those you don’t know. If you can, double-check that the person is who they claim to be through another means of communication.
  • Double-check the number of a suspected vishing caller, as well as any Internet domains you may be told to navigate to.
  • Avoid visiting any websites that a caller recommends without good reason to trust their legitimacy.

PC Technologies is here to help you with an assortment of your business’ IT needs and concerns, including your cybersecurity. Give us a call at 360-491-2227 to learn about the services and solutions we can put in place on your behalf.

What Would Happen if All Data Was Publically Avail...
Tip of the Week: When Do I Need to Clean My Comput...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, September 23 2020

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.pctechnologies.net/

Mobile? Grab this Article!

Qr Code

Latest Blog Entry

Considering how much as we rely on our mobile devices each day, it comes as no surprise how stressful the “LOW BATTERY” notification can be. While you might assume that it only seems to appear earlier and earlier in the day, there are in fact a variety of conditions that cau...

Latest News

PC Technologies launches new website!

PC Technologies is proud to announce the launch of our new website at www.pctechnologies.net. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.

Read more ...

Account Login