
Voice phishing attacks on the rise, remote workers vulnerable

Voice phishing (vishing) attacks are on the rise: hackers use the names of real employees in an attempt to trick victims into sharing login credentials and data over the phone.

According to Check Point Research, vishing attacks are targeting remote workforces with the aim of getting a person to share login credentials or sensitive data.

During the phone call, attackers imitate company representatives, often from finance, HR, IT or legal departments, and use social engineering techniques to trick victims into sharing account credentials or banking information. Attackers then use the information to steal the victim’s funds and/or deliver destructive malware.

The warning from Check Point researchers follows a joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, warning of a wave of vishing attacks targeting private sector companies in the US.

According to the advisory, threat actors typically call employees working from home to collect login credentials for corporate networks, which they later monetise by selling the access to other groups.

Recently, researchers at CPR were asked to investigate two vishing attacks against employees at an international corporation. The corporation received a total of 6 vishing phone calls within three months. Two of those phone calls are detailed below to better educate remote workers on the nature of vishing attacks.

The First Call

An attacker called the company’s technical support centre via a publicly available number, requesting to speak with a representative. The attacker introduced herself as an existing company employee, whose appearance matched the caller’s accent. During the call, the attacker requested the phone number of two other employees – both of them real company employees. The request was polite and accompanied by a spelling of the name, and shortly after that, the caller suggested the recipient install TeamViewer – a remote control application – allegedly to help the recipient locate the desired phone number. We can assume that the caller was carefully selected to match the description of the employee used as cover, and that the attackers verified that the employee was still working at the company.

Based on the area code, it appeared that the call originated from Miami. After further investigation, we discovered that the same phone number had been used and reported as phishing by users in Europe – the UK, Poland and Bulgaria as well as South Asia (Singapore, the Philippines and Japan). Individuals reported that callers from the same number asked for contact details of fellow employees. In total, the phone number was requested 95 times in the past 120 days.
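The first call shows the indicators a help desk can actually log: a caller asking for colleagues' contact details, a push to install a remote-control tool, and a number that turns out to have been reported elsewhere. The script below is an added example, not Check Point's or the article's own code, that scores constructed help-desk call records against those indicators. The record format, the `CALLS` sample (modelled loosely on the calls described here), the `EXTERNAL_REPORTS` stand-in for the spam-report lookup the researchers did, and the point weights are all assumptions made for illustration.

```python
"""Triage help-desk call records for vishing indicators (added example, constructed data)."""
from collections import Counter
from dataclasses import dataclass, field

# Remote-control tools a caller might push the help desk to install (assumed list).
REMOTE_CONTROL_TOOLS = {"teamviewer", "anydesk"}

# Help-desk request tags that match the pattern in the article (constructed vocabulary).
SUSPICIOUS_REQUESTS = {
    "colleague_contact": "asked for another employee's contact details",
    "credentials": "asked for account credentials",
}


@dataclass
class CallRecord:
    caller: str            # number shown by the phone system (constructed values below)
    request: str           # help-desk tag for what the caller asked for
    suggested_tool: str    # remote-control tool the caller proposed, "" if none
    claimed_identity: str  # who the caller said they were


@dataclass
class Assessment:
    caller: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points, reason):
        # Count each indicator once per caller even if it recurs across calls.
        if reason not in self.reasons:
            self.reasons.append(reason)
            self.score += points


# Constructed sample log: the first two rows mirror the call described above.
CALLS = [
    CallRecord("+1-305-555-0100", "colleague_contact", "TeamViewer", "existing employee"),
    CallRecord("+1-305-555-0100", "colleague_contact", "", "existing employee"),
    CallRecord("+1-415-555-0199", "credentials", "", "telecom vendor"),
    CallRecord("+1-212-555-0150", "own_password_reset", "", "existing employee"),
]

# Constructed stand-in for public spam/phishing reports keyed by caller number.
EXTERNAL_REPORTS = {"+1-305-555-0100": ["UK", "PL", "BG", "SG", "PH", "JP"]}


def assess_calls(calls, external_reports):
    """Score every caller in the log; a higher score means more vishing indicators."""
    calls_per_number = Counter(c.caller for c in calls)
    results = {}
    for c in calls:
        a = results.setdefault(c.caller, Assessment(c.caller))
        if c.request in SUSPICIOUS_REQUESTS:
            a.add(2, SUSPICIOUS_REQUESTS[c.request])
        if c.suggested_tool.lower() in REMOTE_CONTROL_TOOLS:
            a.add(3, f"pushed installation of {c.suggested_tool}")
        if c.caller in external_reports:
            regions = ", ".join(external_reports[c.caller])
            a.add(3, f"number reported as phishing elsewhere ({regions})")
        if calls_per_number[c.caller] > 1:
            a.add(1, f"called {calls_per_number[c.caller]} times")
    return results


def flagged_callers(results, threshold=3):
    """Callers whose score meets the threshold, highest score first."""
    hits = [a for a in results.values() if a.score >= threshold]
    return [a.caller for a in sorted(hits, key=lambda a: -a.score)]


if __name__ == "__main__":
    assessed = assess_calls(CALLS, EXTERNAL_REPORTS)
    for number in flagged_callers(assessed):
        a = assessed[number]
        print(f"{number}: score {a.score}")
        for reason in a.reasons:
            print(f"  - {reason}")
```

The point of scoring per caller rather than per call is that the strongest signal in the article was cross-call: one number asking the same question repeatedly, in several countries. A help desk that only looks at each call in isolation never sees that. The threshold is deliberately low so that a single remote-tool suggestion or an externally reported number is enough to escalate.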

The Second Call

As in the first incident, the attacker reached the company’s technical support centre via a publicly available number and asked to speak with a representative. In this case, the attacker used a broader cover story involving a major telecommunications company, and the representative was accordingly more suspicious than before. This time, the caller used a phone number with no spam reports found online, associated with San Francisco. Below is a partial transcription of the call. All names have been replaced to protect the targets’ identity.

"Vishing attacks are a growing cyber threat, alongside conventional phishing," says Lotem Finkelsteen, manager of threat intelligence at Check Point.

"The direct nature of the vishing call means the attacker controls the information channel and puts additional pressure on the target.  We’re seeing that more and more multi-staged cyber-attacks are incorporating vishing calls as part of their infection chains, for a number of reasons."

"One, vishing attacks help hackers in their reconnaissance phase, where they can learn more about their targets. Second, vishing attacks deepen the phishing phase, as combining a call with an SMS message deepens the deception, for example. Third, vishing attacks become the core of major cyber-attacks, such as deceiving victims into handing over 2FA codes sent over SMS, or granting access to a certain system, which is what happened in the Twitter account hijacking earlier this year.

"Remote workers everywhere should learn to not overshare and to verify the authenticity of whoever they find themselves on the phone with."
