• Home

  • Documents

  • VISHING SCAMS: A NEW CYBER THREAT IS ON THE RISE....ATTORNEYS AT LAW BETTER REPRESENTATION VISHING...
1
ATTORNEYS AT LAW BETTER REPRESENTATION VISHING SCAMS: A NEW CYBER THREAT IS ON THE RISE. According to the Federal Bureau of Investigation (“FBI”) and the Cybersecurity Infrastructure and Security Agency (“CISA”), cybercriminals have been waging a campaign to access company data through remote workers. This “vishing” campaign was launched in July and, according to the federal agencies, it is on the rise. As described by the FBI and CISA, vishers first create a duplicate version of a company’s VPN login page, often also registering a domain, such as “support-[company]” or “ticket-[company].” Then they review all publicly available information about an employee, which can be extensive, depending on social media settings, to prepare a socially- engineered attack. Next, they contact the employee by phone, either using VoIP (voice over internet protocol) to remain anonymous or by “spoofing” a company number and making it appear that the call is coming from within the organization. In the conversation with the employee, they may pretend to be a member of the company’s IT team, or another authorized individual, and indicate that they need the employee to log in to a “new” VPN connection. If this vishing campaign is successful, the employee will enter their credentials, including any required two-factor authentication information, into the visher’s cloned page and send this information directly to the unauthorized party. In turn, this gives the visher more access to company data, which could enable additional vishing campaigns or a ransomware attack. Federal authorities recommend several tactics for thwarting vishers. Monitoring domains with the corporate name could reveal copycat sites early. Restricting VPN access to particular hours could reduce the risk of unmonitored, after-hours “exploration” of your company data by hackers. Limiting employee access to sensitive information and monitoring activity on company servers could minimize the damage caused by successful vishing. Employees, for their part, can be instructed to verify the spelling of web links, to be alert to unsolicited phone calls, and to bookmark the correct VPN URL. If you may have been the victim of a vishing campaign, you wish to update your WISP to account for this risk, or you have additional questions about how a remote work environment can impact your legal obligation to safeguard personal information, please contact a member of Bulkley Richardson’s Cybersecurity Practice Group. Lauren Ostberg [email protected] 413-272-6282 Jim Duda [email protected] 413-272-6284 Michael Roundy [email protected] 413-272-6254 David Parke [email protected] 413-272-6257 Scott Foster [email protected] 413-272-6258 Sarah Willey [email protected] 413-272-6228

VISHING SCAMS: A NEW CYBER THREAT IS ON THE RISE....ATTORNEYS AT LAW BETTER REPRESENTATION VISHING SCAMS: A NEW CYBER THREAT IS ON THE RISE. According to the Federal Bureau of Investigation

  • Upload
    others

  • View
    5

  • Download
    0

Embed Size (px)

Citation preview

  • ATTORNEYS AT LAW

    BETTER REPRESENTATION

    VISHING SCAMS: A NEW CYBER THREAT IS ON THE RISE.

    According to the Federal Bureau of Investigation (“FBI”) and the Cybersecurity Infrastructure and Security Agency (“CISA”), cybercriminals have been waging a campaign to access company data through remote workers. This “vishing” campaign was launched in July and, according to the federal agencies, it is on the rise.

    As described by the FBI and CISA, vishers first create a duplicate version of a company’s VPN login page, often also registering a domain, such as “support-[company]” or “ticket-[company].” Then they review all publicly available information about an employee, which can be extensive, depending on social media settings, to prepare a socially-engineered attack.

    Next, they contact the employee by phone, either using VoIP (voice over internet protocol) to remain anonymous or by “spoofing” a company number and making it appear that the call is coming from within the organization. In the conversation with the employee, they may pretend to be a member of the company’s IT team, or another authorized individual, and indicate that they need the employee to log in to a “new” VPN connection. If this vishing campaign is successful, the employee will enter their credentials, including any required two-factor authentication information, into the visher’s cloned page and send this information directly to the unauthorized party. In turn, this gives the visher more access to company data, which could enable additional vishing campaigns or a ransomware attack.

    Federal authorities recommend several tactics for thwarting vishers. Monitoring domains with the corporate name could reveal copycat sites early. Restricting VPN access to particular hours could reduce the risk of unmonitored, after-hours “exploration” of your company data by hackers. Limiting employee access to sensitive information and monitoring activity on company servers could minimize the damage caused by successful vishing. Employees, for their part, can be instructed to verify the spelling of web links, to be alert to unsolicited phone calls, and to bookmark the correct VPN URL.

    If you may have been the victim of a vishing campaign, you wish to update your WISP to account for this risk, or you have additional questions about how a remote work environment can impact your legal obligation to safeguard personal information, please contact a member of Bulkley Richardson’s Cybersecurity Practice Group.

    Lauren Ostberg

    [email protected]

    413-272-6282

    Jim Duda

    [email protected]

    413-272-6284

    Michael Roundy

    [email protected]

    413-272-6254

    David Parke

    [email protected]

    413-272-6257

    Scott Foster

    [email protected]

    413-272-6258

    Sarah Willey

    [email protected]

    413-272-6228

    https://bulkley.comhttps://bulkley.com/professionals/ostberg-lauren-c/mailto:[email protected]:413-272-6282https://bulkley.com/professionals/duda-james-c/mailto:[email protected]:413-272-6284https://bulkley.com/professionals/foster-scott-w/mailto:[email protected]:413-272-6258https://bulkley.com/professionals/roundy-michael-d/mailto:[email protected]:413-272-6254https://bulkley.com/professionals/parke-david/mailto:[email protected]:413-272-6257https://bulkley.com/professionals/willey-sarah/mailto:[email protected]:413-272-6228


Conveyancing Scams

Conveyancing Scams

Documents
Banking scams

Banking scams

Technology
Avoid #Obamacare Scams

Avoid #Obamacare Scams

Education
Scams 0710

Scams 0710

Documents
Telgi Scams

Telgi Scams

Documents
Indian Scams

Indian Scams

Documents
Feds Warn of Vishing Threat...years of experience conducting and managing IT Governance, Risk, and Compliance assessment and audits in the areas of PCI, HIPAA, FFIEC, NIST 800-53,

Feds Warn of Vishing Threat...years of experience conducting and managing IT Governance, Risk, and Compliance assessment and audits in the areas of PCI, HIPAA, FFIEC, NIST 800-53,

Documents
FAKE WEBSITES SCAMS IN OPEN ACCESS PUBLISHING A Rising Threat to the Integrity of Open Access Publishers, Writers & Institutions

FAKE WEBSITES SCAMS IN OPEN ACCESS PUBLISHING A Rising Threat to the Integrity of Open Access Publishers, Writers & Institutions

Documents
VARNING FÖR PHISHING, SMISHING OCH VISHING HETA … · 2018. 12. 12. · Smishing är en variant där meddelandet med länken istäl-let går via sms. Vishing innebär att någon

VARNING FÖR PHISHING, SMISHING OCH VISHING HETA … · 2018. 12. 12. · Smishing är en variant där meddelandet med länken istäl-let går via sms. Vishing innebär att någon

Documents
Little Black Book of Scams - comporehensive version · scams that target Australians and teach you some easy steps you can take to protect yourself. Scams do not discriminate Scams

Little Black Book of Scams - comporehensive version · scams that target Australians and teach you some easy steps you can take to protect yourself. Scams do not discriminate Scams

Documents
Accounting Scams

Accounting Scams

Documents
Gold Scams

Gold Scams

Business
SCAMS 101: How to Protect Yourself From Scams

SCAMS 101: How to Protect Yourself From Scams

Documents
Corporate scams

Corporate scams

Documents
Student's Guide to Fraud Scams · 2. Student Tax Scams For several years, IRS scams have been affecting individuals across the United States. Tax scams tend to increase around tax

Student's Guide to Fraud Scams · 2. Student Tax Scams For several years, IRS scams have been affecting individuals across the United States. Tax scams tend to increase around tax

Documents
Identifying and Avoiding Scams 1. What a scam is Why scams work Types of scams Warning signs of scams Building scam defenses What We’ll Discuss 2

Identifying and Avoiding Scams 1. What a scam is Why scams work Types of scams Warning signs of scams Building scam defenses What We’ll Discuss 2

Documents
Rich Dad Scams: 8 Financial Scams Disguised as Wisdom

Rich Dad Scams: 8 Financial Scams Disguised as Wisdom

Economy & Finance
Facebook Scams

Facebook Scams

Technology
Casting a Wide Net · computer has been infected by a virus. Being Vished? Here’s What to Do. Each tax season, vishing makes the IRS’s “Dirty Dozen” list of scams targeting

Casting a Wide Net · computer has been infected by a virus. Being Vished? Here’s What to Do. Each tax season, vishing makes the IRS’s “Dirty Dozen” list of scams targeting

Documents
Franchise Scams

Franchise Scams

Documents
You can also contact the Department to request a Elder and ... · ∗ IRS Scams ∗ Securities/Investment Scams ∗ Romance Scams ∗ Lottery Scams ∗ Tech Support Scams According

You can also contact the Department to request a Elder and ... · ∗ IRS Scams ∗ Securities/Investment Scams ∗ Romance Scams ∗ Lottery Scams ∗ Tech Support Scams According

Documents
Phishing, Vishing, & Smishing€¦ · Phishing, Vishing, & Smishing: How can I protect my business from these threats? Tonia Dudley ... anticipating a rise in BEC schemes related

Phishing, Vishing, & Smishing€¦ · Phishing, Vishing, & Smishing: How can I protect my business from these threats? Tonia Dudley ... anticipating a rise in BEC schemes related

Documents
Financial Scams

Financial Scams

Documents
Scholarship Scams Avoiding Scholarship Scams, Phishing & Identity Theft at All Cost

Scholarship Scams Avoiding Scholarship Scams, Phishing & Identity Theft at All Cost

Documents
Scams & Schemes

Scams & Schemes

Documents
Holiday scams

Holiday scams

Technology
Consumer Scams - Montgomery County Maryland · PDF fileConsumer Scams Common Scams ... Common Investment Scams ... Bogus charities frequently use names that resemble those of well-known,

Consumer Scams - Montgomery County Maryland · PDF fileConsumer Scams Common Scams ... Common Investment Scams ... Bogus charities frequently use names that resemble those of well-known,

Documents
1. Ponzi Schemes/Scams 2. Pyramiding Schemes/Scams

1. Ponzi Schemes/Scams 2. Pyramiding Schemes/Scams

Documents
Surya scams

Surya scams

Business
Targeting scams—Report of the ACCC on scams …scams...Binary options 23 Forex trading 24 3.2Chinese authority scams 26 3.3 Elaborate remote access scams27 3.4 Scams and cryptocurrencies

Targeting scams—Report of the ACCC on scams …scams...Binary options 23 Forex trading 24 3.2Chinese authority scams 26 3.3 Elaborate remote access scams27 3.4 Scams and cryptocurrencies

Documents