The amalgamation of “Voice over IP (VoIP)” and “Phishing“ results in the term Vishing, used to describe a recurring scam over the phone and now targeting remote workers. The goal? Getting the victim to share sensitive personal information.
In view of the challenges to society raised by the COVID-19 pandemic, part of the workforce was forced to change their paradigm and work from home. However, scammers they also adapted their methods, aiming at teleworking.
Attempting to scam through phone call or video call
The alert was given by investigators at the cybersecurity agency Check Point, reporting a substantial increase in this type of attacks. Although not new, the scheme has again taken on worrying proportions with part of the telecommuting population.
With the simple and pernicious objective of getting the person to share personal information, and more seriously, bank details and other confidential details, the scheme is more sophisticated. According to the report of the agency in question, the attacker pretends to be representatives of several companies, especially in the area of finance, or human resources departments.
The deception is thus launched and fed by social engineering tactics to wear down the victim and make him share the targeted access credentials. These, warns the agency, can range from authentication data in the company, but generally deal with bank information and data.
Once attackers gain access to the necessary information, they do not waste time accessing bank accounts, especially at homebanking, subtracting the money, or even to install malware on the victim’s equipment.
Growing attack since August 2020
In light of Check Point’s conclusions, since last August there have been more attacks by vishing, focusing mainly on employees who are teleworking. A universe of potential victims, unfortunately, growing.
The wave of attacks was registered first in the United States of America, but it has been spreading with more countries and regions reporting similar cases. Among the most desirable data, login credentials on corporate networks and work sessions have grown significantly.
There are risks associated with teleworking
Impersonation or usurpation of identity is one of the biggest threats that make employees in remote work more susceptible, with attackers gathering a wide range of prior information in order to convince the victim.
They do so to gradually gain the trust of the target and make him think he is talking to a co-worker, or department supervisor. At other times, they present themselves as being new employees, wanting to get to know other colleagues, being able to ask for telephone contact to “speed up future contacts”.
The scam can also take on more familiar features, such as the request to install the TeamViewer tool – remote work management software. To this end, the miscreant will claim several reasons, including help in finding the necessary information.
All of this, of course, is nothing more than an attempt to gain access to the business platform, or network.
5 precautions to take to avoid attempts at vishing
1. Be careful with unsolicited calls. Note the number of the caller and, if appropriate, advise that you will call back. At the same time, we announce some caller IDs that can shed light on the subject.
two. Use a good VPN while teleworking. Especially when using public Wi-Fi networks, or when working from home and wanting to add an extra protection barrier, we recommend ExpressVPN, the market leader and with the most advanced security technologies.
3. Do not assume a call from someone hitherto unknown as genuine. The interlocutor can do a previous investigation to collect various data and convincing information. If in doubt, check with your employer.
4. Under no circumstances share passwords and PINs. Sensitive information about credit cards, authentication data in the email or data accessing the company account / telecommuting platform.
5. If in doubt, report the call. Share the suspicious case with the authorities, superiors, or customer support lines of the banking institutions.
EBox editors recommend:
