Vishing what it is and why I have to be careful

Check Point security researchers have spotted a new type of social engineering attack to deceive those who work from home. The goal is personal information, money and the introduction of malware into a corporate network.

During the pandemic, many people work from home. This offers cyber criminals the opportunity to attack their employees as well as their employers.

What is Vishing?

Vishing is a par του ηλεκτρονικού “ψαρέματος”, όπου η φωνή – V για τον αγγλικό όρο “voice” – παίζει πολύ σημαντικό ρόλο. Οι απατεώνες καλούν τους υπαλλήλους και πλαστοπροσωπούν έναν συγκεκριμένο υπάλληλο για να αποκτήσουν πρόσβαση σε ορισμένα τμήματα του δικτύου, πληροφορίες ή δεξιότητες, όπως τις for company money transfer.

The attacks discovered by Check Point are highly sophisticated:

Hackers use it to find out which employee has access to it through information that is stored and represents some large company. In addition, security researchers have discovered that criminals in English-speaking countries recruit scammers who speak very good English to read a text when they make their phone call.

In addition, fraudsters are constantly changing phone numbers to call their targets, to prevent them from being located and blacklisted. Vishing attacks claim that a company executive is calling. The calls often claim that the executive comes from the financial, legal or human resources department.

Different methods of attacking with graphics:

1.

2.

3.

Employees at home are very popular targets, because teleworkers are alone at home and of course can not easily check if the person talking to them on the phone is the one who claims.

CISA also warned in August 2020

Check Point observations on the new attack confirm the "fishing" warnings that issued in August (PDF) by the Cyber ​​Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). Both drew attention to targeted attacks against their companies and they also pointed out that telecommuters would be the main target of the calls.

Vishing: A new danger for teleworkers

Commenting on the new attacks, Lotem Finkelsteen, Director of Threat Intelligence at Check Point Software Technologies, said:

“Το ψάρεμα είναι μια από τις πιο επικίνδυνες απειλές που αντιμετωπίζουν σήμερα οι τηλεργαζόμενοι και σπάνια εντοπίζεται η απάτη. Έχουμε δει έναν αυξανόμενο αριθμό επιθέσεων στον κυβερνοχώρο πολλαπλών στρωμάτων που χρησιμοποιούν το vishing. Πρώτον, το vishing βοηθά τους hacker να μάθουν περισσότερα για τους στόχους τους πριν την κύρια επίθεση. Από την άλλη πλευρά, εμβαθύνει το πιο γνωστό fishing (phishing). Vishing is also becoming the core of larger attacks, where victims are tricked into revealing 2FA codes via SMS or giving access to specific systems – as happened in the major Twitter hack earlier this year.

Although all of them refer to the US and people who use LinkedIn to reveal too much personal information about themselves, their workplace and their employer, it is likely that the attacks will take place in other parts of the world.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.087 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).