Security News > 2020 > August > CISA, FBI Alert Warns of Vishing Campaign

The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have issued an alert to warn of a voice phishing campaign targeting the employees of multiple organizations.

According to the two agencies, the attackers used social media, recruiter and marketing tools, open-source research, and publicly available background check services to harvest information on employees at the targeted organizations, including their names, addresses, and phone numbers, along with information on their position and duration at the company.

Using unattributed Voice over Internet Protocol numbers and spoofing the phone numbers of offices and employees within the victim company, the attackers then started calling the employees, attempting to trick them into revealing their VPN login information by accessing a new VPN link.

"The actors used social engineering techniques and, in some cases, posed as members of the victim company's IT help desk, using their knowledge of the employee's personally identifiable information-including name, position, duration at company, and home address-to gain the trust of the targeted employee," the alert reads.

To stay protected, organizations are advised to restrict VPN connections to managed devices only, restrict VPN access hours, monitor applications for unauthorized access, use domain monitoring to identify phishing domains, improve 2FA and OTP messaging, and educate employees on vishing and other phishing techniques.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/za7tdgg6Kr4/cisa-fbi-alert-warns-vishing-campaign