FBI warns of ongoing corporate vishing attacks

Hackers are attempting to steal corporate credentials from US-based employees using voice phishing

The FBI has issued a warning of continuing vishing attacks attempting to steal employees’ corporate network credentials. 

Vishing (also known as voice phishing) is a technique in which hackers make VoIP calls to victims to trick them into logging in to a phishing webpage, so they can capture the employee’s username and password.

According to an FBI Private Industry Notification (PIN), threat actors are using VoIP access to exploit employees working from home. Many of these employees use VoIP networks to take company phone calls, making them easy targets for cyber criminals.

"During COVID-19 shelter-in-place and social distancing orders, many companies had to quickly adapt to changing environments and technology," the PIN read. "With these restrictions, network access and privilege escalation may not be fully monitored."

According to the PIN, as organizations implement more tools to automate services on their networks, keeping track of who has access to different points on the network, and what type of access they have, will become more difficult.

The FBI said that, as of last month, cyber criminals had collaborated to target US-based and international employees at large companies using social engineering techniques. These attacks led to hackers gaining extensive access to corporate networks.

“After gaining access to the network, many cybercriminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network often causing significant financial damage,” read the PIN.

In one instance, cyber criminals found an employee via the company’s chatroom and convinced them to log into a fake VPN page. The actors used these credentials to log into the company’s VPN and perform reconnaissance to locate someone with higher privileges.

“The cybercriminals were looking for employees who could perform username and e-mail changes and found an employee through a cloud-based payroll service. The cybercriminals used a chatroom messaging service to contact and phish this employee’s login credentials,” the FBI said in the PIN.

The FBI urged organizations to protect themselves from such attacks by implementing multi-factor authentication (MFA) to minimize the chance of a compromise. The FBI also recommended granting network access on a least privilege scale — giving the user only the access they need to complete their job — when hiring new employees. 
