MERIT Solutions Blog

New Cyberattack Targeting Remote Workers

New Cyberattack Targeting Remote Workers

Since the onset of the coronavirus, many businesses have managed to sustain themselves through remote work—also commonly known as telework. While this strategy has allowed quite a few businesses to survive, it has also opened them up to security threats. Here, let’s focus on one such threat: vishing, or voice phishing.

Warnings from Federal Agencies

The issue of voice phishing is currently being pressed by the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency alike. Vishing is the same as any other phishing attack, just conducted through a voice call instead of an email or other form of message.

These agencies have announced that cybercriminals have begun a vishing campaign, directed toward those that are working from home. By extracting login credentials for corporate networks, these criminals can turn a profit by selling access to other cybercriminals.

The Vishing Strategy

According to the FBI and CISA, cybercrime groups have registered facsimile domains to mimic legitimate company resources before developing phishing sites to live on these fake domains. These domains commonly had a structure like the following:

  • support-[company]
  • ticket [company]
  • employee-[company]
  • [company]-support

If someone were to visit these pages, they would find a page that looked very much like a company’s login page to their virtual private network—so as a result, if someone were to input their credentials, the cybercriminal would then have the means to access the business’ network. These pages can even capture multi-factor authentication measures.

Once these pages are completed, the criminal groups responsible then begin to research a company’s employees to build a profile on them. Names, addresses, phone numbers, workplace titles, and how even how long an employee has even been employed at a company are all included in these dossiers. Then, using random or spoofed VoIP numbers, hackers call these employees and swiftly gain their trust.

Once this trust is acquired, the attacker directs the targeted employee to the spoofed VPN page. Quicker than you can say “social engineering”, the hacker can then access the legitimate account. From there, the attacker is free to do as they please—collecting data on other employees and contacts to take advantage of or extracting other data for financial gain.

With attackers now directing these vishing scams toward remote workers, it is more important than ever that your team understands how they can identify phishing scams

Identifying Scams

  • Be suspicious of unsolicited messages—including calls and voicemails—from those you don’t know. If possible, verify their identity through another means to ensure that they are legitimate.
  • Keep track of the number that any suspected vishing messages come from, as well as the Internet domain you were directed to.
  • Don’t visit a website on a whim after a caller directs you to it, unless you have reason to believe it is legitimate.

For more assistance with your business’ security, reach out to the IT pros at MERIT Solutions. Give us a call at (757) 420-5150 to start a conversation.

Tip of the Week: Getting a Better Wi-Fi Signal at ...
Get Your Business Back on Track
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, September 21 2020

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://www.meritsolutions.net/

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

Tim Meyers Tip of the Week: Change Your Display in Windows 10
26 August 2019
Don't change only your operating system, change your display as well with a modern sunlight readable...
Tim Meyers E-Waste: An Often-Forgotten Environmental Issue
23 August 2019
E-waste and recycling and other waste management activities have not yet been determined, but they a...
Tim Meyers How to find the ideal desk height
23 August 2019
The table where you sit should be at the right height because it is necessary to have a good positio...
Tim Meyers Self-Driving Cars: Would You Hand the Wheel Over to a Computer?
23 August 2019
Self-driving cars are just cars, so they might have sensors, but no computer brain. Still, they are ...
Tim Meyers Checking Up on Medical IT in 2019
23 August 2019
Because almost all the personal information of the patients are on computers and on a cloud storage ...