FBI, CISA Echo Warnings on ‘Vishing’ Threat
2020-08-21 20:34

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency on Thursday issued a joint alert to warn about the growing threat from voice phishing, or "vishing," attacks targeting companies.

"In mid-July 2020, cybercriminals started a vishing campaign - gaining access to employee tools at multiple companies with indiscriminate targeting - with the end goal of monetizing the access."

The joint FBI/CISA alert says the vishing gang also compiles dossiers on employees at the specific companies using mass scraping of public profiles on social media platforms, recruiter and marketing tools, publicly available background check services, and open-source research.

"Actors first began using unattributed Voice over Internet Protocol numbers to call targeted employees on their personal cellphones, and later began incorporating spoofed numbers of other offices and employees in the victim company. The actors used social engineering techniques and, in some cases, posed as members of the victim company's IT help desk, using their knowledge of the employee's personally identifiable information - including name, position, duration at company, and home address - to gain the trust of the targeted employee."

"The actors then convinced the targeted employee that a new VPN link would be sent and required their login, including any 2FA or OTP. The actor logged the information provided by the employee and used it in real-time to gain access to corporate tools using the employee's account."


News URL

https://krebsonsecurity.com/2020/08/fbi-cisa-echo-warnings-on-vishing-threat/