As we previously blogged, the rise of telework during the COVID-19 era has coincided with a rise in cybercrimes such as “phishing” and “pharming.” Small businesses that do not have large cybersecurity budgets have been especially vulnerable to these practices during the pandemic, because they rely on their employees to work from home using their own computers and wireless networks. Employers and employees should now be on the lookout for the latest trend in cybercrime: “Vishing.”
The FBI defines vishing as “a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward.” According to the FBI and U.S. Cybersecurity Infrastructure Security Agency, incidents of vishing scams have risen dramatically over the summer. The goal of these scams is to gain access to a business’ virtual private network (VPN), which are used by companies to allow employees to securely access the employer’s network from a remote location. Hackers do this by making phony calls to employees claiming to be from IT and telling the employee that the company has switched over to a new VPN. In the process of “switching” their victims over to the non-existent new VPN, the hacker will ask for their credentials and gain access to the real VPN.
A related form of cybercrime called “smishing” involves a similar scam to gain access to VPN’s, but instead relies on text messages.
The FBI has issued an alert with the following tips to avoid vishing and smishing scams:
- Make sure that links do not have misspellings before clicking them
- Bookmark your VPN URL and never visit an alternative URL without confirming that your employer has in fact switched to a new VPN
- Employers should educate their employees on the dangers of vishing and smishing, and instruct them never to give out information to strangers over the phone
- Employees should be wary of unsolicited phone calls and text messages
- Limit the amount of personal information you post on social media, as hackers can leverage this information against you
Follow us on: