The U.S. Federal Bureau of Investigation has issued a warning in relation to “vishing” or voice phishing attacks, a form of cybercrime that uses social engineering over a telephone to gain access access to private personal and financial information for the purposes of financial reward.

The FBI said in a notification Jan. 14 that cybercriminals are focusing their operations to target employees of companies who maintain network access and an ability to escalate network privileges.

The agency noted that the vishing attackers are taking advantage of lockdown orders and other coronavirus rules that  have resulted in “changing environments and technology.” Because of COVID-19 restrictions, the FBI said, network access and privilege access may not be fully monitored.

The FBI warning also said cybercriminals are collaborating to target both U.S.-based and international-based employees at large companies through the use of voice over internet protocol platforms. During the vishing attacks, employees are said to be tricked into logging into a phishing webpage in order to capture their username and password. The cybercriminals then exploit the stolen login details to escalate privileges on compromised accounts, allowing them to gain further access into a given company network, often causing significant financial damage.

“With so many people working from home, they are more likely to fall for this type of vishing scam because they don’t have the protective environment of being in their corporate offices,” James McQuiggan, security awareness advocate at security awareness company KnowBe4 Inc., told SiliconANGLE. “One of the critical things employees want to do is to understand and follow the concept of ‘trust but verify.'”

A social engineer can use software to pretend he or she is calling from within the business and pretend to be from the information technology department, McQuiggan explained. “In these recent cases, they want people to log into a new VPN website,” he said. “Organizations want to make sure they have a robust communication protocol for employees to receive updates.”

As for employees, he added, “if you get a phone call and the person on the end of the line wants you to visit a website, it’s a good idea to make sure you know who you’re speaking to and verify that it’s actually them. Using an out-of-band communication tool, like an internal chat program, email or another program, can help you confirm it’s the real person.”

Photo: J/Flickr