FBI and CISA Warn Against Surge in Voice Phishing Campaigns
upstart writes in with an IRC submission for nutherguy:
FBI and CISA warn against surge in voice phishing campaigns:
Authorities saw an uptick in voice phishing (or "vishing") campaigns after the pandemic forced companies to implement work-from-home arrangements. That's what the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have revealed in their joint cybersecurity advisory (PDF), which offers companies and end users a list of tips on how they can protect themselves against the scheme.
Part of the advisory reads:
"The COVID-19 pandemic has resulted in a mass shift to working from home, resulting in increased use of corporate VPN and elimination of in-person verification, which can partially explain the success of this campaign. Prior to the pandemic, similar campaigns exclusively targeted telecommunications providers and internet service providers with these attacks but the focus has recently broadened to more indiscriminate targeting."
The advisory was published shortly after Krebs on Security reported that a group of cybercriminals has been marketing a vishing service that uses custom phishing sites and social engineering techniques to steal VPN credentials from employees. While the agencies didn't confirm the report, they said that cybercriminals started a vishing campaign in mid-July 2020. They also described a scheme similar to what Krebs reported: bad actors registered domains using target companies' names and then duplicated their internal VPN login pages. The criminals used VoIP numbers at first but later started using spoofed numbers of victims' workmates and other offices within their company.
Read more of this story at SoylentNews.