in

Video Calls could be your Next Security Suffering, Warns FBI: Increased Voice Phishing Attacks

Video Calls could be your Next Security Suffering, Warns FBI Increased Voice Phishing Attacks
Image Source - Google | Image by cbsnews

The FBI is cautioning that cybercriminals are taking advantage of VoIP systems to target company employees in complicated voice phishing attacks.

As the pandemic has compelled unusual numbers of employees to work remotely, retaining the same corporate security level has become a problem. Cybercriminals are taking advantage of this by gaining access to VoIP systems and company chatrooms and then persuading employees to log into counterfeit VPNs to embezzle their credentials.

The FBI put out an advisory to caution companies and enable them to mitigate the threat.

As of December 2019, cybercriminals worked together to target both US-based and international-based employees’ at large companies using social engineering methods. The cybercriminals vished these employees through the use of VoIP platforms.

What are Vishing attacks?

  1. Vishing attacks are voice phishing, which happens during a phone call to users of VoIP
  2. During the phone calls, employees were fooled into logging into a phishing webpage to seize their username and password.
  3. After attaining access to the network, many cybercriminals found they had more significant network access, encompassing the proficiency to escalate privileges of the compromised employees’ accounts, thus letting them gain further access into the network, often resulting in substantial financial

For instance, the cybercriminals found an employee via the company’s chatroom and persuaded the person to log into the fake VPN page regulated by the cybercriminals. The actors wielded these credentials to log into the company’s VPN and conducted reconnaissance to discover someone with elevated privileges.

The cybercriminals looked for employees who could execute username and e-mail alterations and found an employee through a cloud-based payroll service. The cybercriminals utilized a chatroom messaging service to reach and phish this employee’s login credentials.

The FBI suggests numerous mitigation measures, comprising facilitating multi-factor authentication, commencing new employees with least security privileges, vigorously searching for unauthorized access or mutations, carrying out network segmentation, and providing administrators two accounts, one with admin privileges and the second other duties.

What do you think?

164289 points
Upvote Downvote

Written by Ritik Gupta

His name is Ritik Gupta; currently pursuing law. He has always kept pride as his everything. He deems writing as not like any other hobby but a reflection of one’s intellectuality. He likes to research on the parasitic problems and then lay them down in such a means that can be of assistance to the society. He just not studies law but treats it a controversial weapon to defeat the wrong.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Loading…

0
SEBI approved Future Group-Reliance Industries deal

SEBI Approved Future Group-Reliance Industries Deal

India’s Supreme Court Upholds Laws Protecting New Owners of Insolvent Companies

India’s Supreme Court Upholds Laws Protecting New Owners of Insolvent Companies