Security News > 2021 > January > FBI warns of vishing attacks stealing corporate accounts
The Federal Bureau of Investigation has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts and credentials for network access and privilege escalation from US and international-based employees.
In multiple cases, once they gained access to the company's network, the threat actors gained greater network access than expected allowing them to escalate privileges using the compromised employees' accounts.
"In one instance, the cybercriminals found an employee via the company's chatroom, and convinced the individual to log into the fake VPN page operated by the cybercriminals," the FBI said.
This is the second warning alerting of active vishing attacks targeting employees issued by the FBI since the start of the pandemic after an increasing number of them have become teleworkers.
"In mid-July 2020, cybercriminals started a vishing campaign - gaining access to employee tools at multiple companies with indiscriminate targeting-with the end goal of monetizing the access," the agencies said at the time.
Implement multi-factor authentication for accessing employees' accounts in order to minimize the chances of an initial compromise.