FBI Issues Warning About Vishing Attacks on Corporate Accounts

The FBI has issued a warning regarding voice phishing attacks being used against remote workers to harvest corporate credentials.

The FBI has issued a warning regarding voice phishing attacks being used against remote workers to harvest corporate credentials.

According to a recent FBI Private Industry Notification (PIN), hackers are reportedly using VoIP call to trick people into logging into phishing sites in order to get their VPN and work login credentials.

“During COVID-19 shelter-in-place and social distancing orders, many companies had to quickly adapt to changing environments and technology. With these restrictions, network access and privilege escalation may not be fully monitored,” said the notification.

The FBI cited a case where hackers used the stolen credentials from an employee they vished to log into the company’s actual VPN to locate employees with greater privileges.

The FBI said that such incidents could cause operational problems and financial damage.  

The PIN contained recommendations to prevent vishing attacks such as multi-factor authentication (MFA), privilege reviews, network segmentation, and active monitoring. 


© Fourth Estate® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.