UPDATED 22:54 EST / JANUARY 18 2021

SECURITY

FBI warns vishing attacks are on the rise amid COVID-19 pandemic

The U.S. Federal Bureau of Investigation has issued a warning in relation to “vishing” or voice phishing attacks, a form of cybercrime that uses social engineering over a telephone to gain access access to private personal and financial information for the purposes of financial reward.

The FBI said in a notification Jan. 14 that cybercriminals are focusing their operations to target employees of companies who maintain network access and an ability to escalate network privileges.

The agency noted that the vishing attackers are taking advantage of lockdown orders and other coronavirus rules that  have resulted in “changing environments and technology.” Because of COVID-19 restrictions, the FBI said, network access and privilege access may not be fully monitored.

The FBI warning also said cybercriminals are collaborating to target both U.S.-based and international-based employees at large companies through the use of voice over internet protocol platforms. During the vishing attacks, employees are said to be tricked into logging into a phishing webpage in order to capture their username and password. The cybercriminals then exploit the stolen login details to escalate privileges on compromised accounts, allowing them to gain further access into a given company network, often causing significant financial damage.

“With so many people working from home, they are more likely to fall for this type of vishing scam because they don’t have the protective environment of being in their corporate offices,” James McQuiggan, security awareness advocate at security awareness company KnowBe4 Inc., told SiliconANGLE. “One of the critical things employees want to do is to understand and follow the concept of ‘trust but verify.'”

A social engineer can use software to pretend he or she is calling from within the business and pretend to be from the information technology department, McQuiggan explained. “In these recent cases, they want people to log into a new VPN website,” he said. “Organizations want to make sure they have a robust communication protocol for employees to receive updates.”

As for employees, he added, “if you get a phone call and the person on the end of the line wants you to visit a website, it’s a good idea to make sure you know who you’re speaking to and verify that it’s actually them. Using an out-of-band communication tool, like an internal chat program, email or another program, can help you confirm it’s the real person.”

Photo: J/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.