The FBI has warned about an increase in Voice Phishing or “Vishing” campaigns.
COVID-19 has resulted in a mass shift to working from home, causing increased use of virtual private networks (VPNs) and the elimination of in-person verification. Starting in late summer 2020, a crime group began offering a service that people can hire to steal VPN and other passwords from employees working at home.
The criminals create websites with names similar to those of legitimate companies, but they might add a dash or an extra letter so people don’t notice it is not the real website. The crooks then focus on social engineering a company's new hires, often impersonating staff at the target company’s IT helpdesk.
The vishing gang compiles dossiers on employees at the specific companies using mass scraping of public profiles on social media platforms, recruiter and marketing tools, publicly available background check services, and open-source research. This makes the call even more credible to the unsuspecting employee.
With the fake websites and personal information at hand, the crooks get the employee to click on a malicious link so they can gain access to the company resources.
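A defensive check for the lookalike website names described above, as an added example that is not part of the original article: it flags domains seen in DNS or proxy logs that differ from the company's real domain by a dash or one extra letter. It also flags names that attach an extra word to the company name with a dash, which goes slightly beyond the two tricks the article names; `example.com` and the observed list are constructed placeholders.

```python
from typing import Dict, List, Optional


def registrable_label(domain: str) -> str:
    """Label left of the TLD (assumes a single-label TLD such as .com)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def is_one_insertion(short: str, long: str) -> bool:
    """True if `long` is `short` with exactly one character inserted."""
    if len(long) != len(short) + 1:
        return False
    i = 0
    while i < len(short) and short[i] == long[i]:
        i += 1
    return short[i:] == long[i + 1:]


def classify(candidate: str, legit: str) -> Optional[str]:
    """Return the lookalike pattern `candidate` matches, or None."""
    cand, real = registrable_label(candidate), registrable_label(legit)
    if cand == real:
        return None  # same name; other-TLD copies are out of scope here
    if "-" in cand and cand.replace("-", "") == real.replace("-", ""):
        return "dash-variant"      # exam-ple vs example
    if is_one_insertion(real, cand):
        return "extra-letter"      # examplle vs example
    if real in cand.split("-"):
        return "dash-keyword"      # example-vpn vs example (generalization)
    return None


def scan(observed: List[str], legit: str) -> Dict[str, str]:
    """Map each suspicious observed domain to the pattern it matched."""
    hits = {}
    for domain in observed:
        reason = classify(domain, legit)
        if reason:
            hits[domain] = reason
    return hits


# Constructed sample data: domains as they might appear in DNS or proxy logs.
OBSERVED = ["example.com", "exam-ple.com", "examplle.com",
            "example-vpn.com", "unrelated.org"]

if __name__ == "__main__":
    for domain, reason in scan(OBSERVED, "example.com").items():
        print(f"{domain}: {reason}")
```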