Cybercriminals have found a new way to target companies in the COVID-19 era. As businesses continue to work remotely, cybercriminals are pivoting as well, adjusting techniques to infiltrate companies while employees are teleworking. Criminals use a technique called “vishing” to steal employee information and corporate resources.
What is vishing?
Also called voice phishing, criminals conduct vishing attempts by calling employees to get access to their corporate virtual private network (VPN).
How does it work?
Cybercriminals find employee cell phone numbers on the internet and call them. They try to manipulate employees, including by posing as IT staff, to enter login information in a new VPN link sent by the criminals. The criminals store this login information and use it to enter the company’s VPN and take employee information, business resources and even company funds.
How can I keep my business safe from vishing?
Educate employees to be conscious of the following:
Last week, the FBI and the Cybersecurity and Infrastructure Security Agency issued a warning about this new vishing campaign. Please contact Walt Green or any other member of Phelps’ Cybersecurity team if you have questions about this warning or need compliance advice and guidance. For more information related to COVID-19, see Phelps’ COVID-19: Client Resource Portal.