The FBI and the Cybersecurity and Infrastructure Security Agency issued an advisory Aug. 20 warning of new voice phishing attacks against U.S. companies with employees working from home.
The voice phishing, or vishing, campaign started in mid-July with cybercriminals calling victims to obtain corporate network login credentials, which the actors then used to gain access to those networks and sold to other criminal gangs.
The cybercriminals compile dossiers on specific employee targets by mass scraping public profiles on social media platforms, recruiter and marketing tools and publicly available background check services. Collected information includes employees' names, home addresses, personal cellphone numbers, positions at the company and length of employment there.
"The actors used social engineering techniques and, in some cases, posed as members of the victim company's IT help desk, using their knowledge of the employee's personally identifiable information…to gain the trust of the targeted employee," the advisory states. "The actors then convinced the targeted employee that a new VPN link would be sent and required their login, …and the actor logged the information provided by the employee and used it in real-time to gain access to corporate tools using the employee's account."
In addition to raising awareness of the vishing campaign, the FBI and CISA also recommend that companies restrict VPN connections and monitor web applications for unauthorized access.
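The advisory describes actors replaying a phished credential in real time, which means the account is typically active from the employee's own device and from the attacker's source at nearly the same moment. The following is an added example, not code from the advisory or the article, of the kind of monitoring the agencies recommend: it scans VPN or web-application authentication records for an account that succeeds from two different source addresses within a short window, and separately for successful logins from endpoints that are not managed devices. The log line format, field names, and the sample entries are constructed assumptions for this illustration.

```python
"""Added example: flag concurrent logins and unmanaged-device logins in auth logs."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format, not from the advisory):
# timestamp, event, user, source IP, device label, result.
SAMPLE_LOG = """\
2020-07-15T09:02:11Z login user=jdoe src=203.0.113.10 device=managed-laptop-17 result=success
2020-07-15T09:05:40Z login user=jdoe src=198.51.100.77 device=unknown result=success
2020-07-15T09:30:02Z login user=asmith src=203.0.113.22 device=managed-laptop-31 result=success
2020-07-15T13:10:00Z login user=asmith src=203.0.113.22 device=managed-laptop-31 result=success
"""


def parse_line(line):
    """Turn one 'ts event key=value ...' line into a dict with a parsed timestamp."""
    ts, _event, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def successful_logins(log_text):
    """Group successful login events by account, sorted by time."""
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev.get("result") == "success":
            by_user[ev["user"]].append(ev)
    for events in by_user.values():
        events.sort(key=lambda e: e["ts"])
    return by_user


def find_concurrent_logins(log_text, window=timedelta(minutes=15)):
    """Alert when one account authenticates from two different source IPs within `window`.

    This is the footprint of a credential replayed in real time while the
    legitimate user is still connected from their own device.
    """
    alerts = []
    for user, events in successful_logins(log_text).items():
        for i, cur in enumerate(events):
            for prev in events[:i]:
                if cur["src"] != prev["src"] and cur["ts"] - prev["ts"] <= window:
                    alerts.append({
                        "user": user,
                        "first_src": prev["src"],
                        "second_src": cur["src"],
                        "gap_seconds": int((cur["ts"] - prev["ts"]).total_seconds()),
                    })
                    break  # one alert per suspicious event is enough
    return alerts


def find_unmanaged_devices(log_text, managed_prefix="managed-"):
    """Alert on successful logins whose device label is not a managed endpoint.

    Restricting VPN access to managed devices is the preventive control; this
    check catches successes that slipped past it.
    """
    alerts = []
    for user, events in successful_logins(log_text).items():
        for ev in events:
            if not ev.get("device", "").startswith(managed_prefix):
                alerts.append({"user": user, "src": ev["src"], "device": ev.get("device", "")})
    return alerts


if __name__ == "__main__":
    for a in find_concurrent_logins(SAMPLE_LOG):
        print("concurrent-login:", a)
    for a in find_unmanaged_devices(SAMPLE_LOG):
        print("unmanaged-device:", a)
```

On the constructed sample, `jdoe` triggers both checks (a second source address 209 seconds after the first, from a device that is not managed), while `asmith`, who logs in twice from the same managed laptop hours apart, triggers neither. In production the window and the device test would be tuned to the organization's VPN concentrator and endpoint inventory.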