FBI Warns About Vishing Attacks

FBI Blogs | IEMLabs

The Federal Bureau of Investigation (FBI) has raised its voice of concern about the ongoing vishing attacks on US based international companies where cybercriminals are trying to steal corporate account credentials for network access and privilege escalation. Vishing (also known as voice phishing) is a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward.

The attackers told the employees to login to a phishing webpage so that they can steal their usernames and passwords and gain access to the company’s network. Once they gained access to the company’s network, the threat actors gained greater network access than expected allowing them to escalate privileges using the compromised employees’ accounts.

The FBI has sent notifications to well-established companies alerting them about the vishing attacks. Amid the pandemic situation, vishing activities have increased at a rapid rate. This is the second warning issued by FBI alerting about active vishing attacks targeting companies from several US industry sectors.

In order to avoid this type of phishing attacks, the FBI shared has advised the companies to implement multi-factor authentication (MFA) for accessing employees’ accounts in order to minimize the chances of an initial compromise. Active scanning and monitoring for unauthorized access or modifications must take place to detect a possible compromise in order to prevent or minimize the loss of data. To control the flow of network traffic Network segmentation should be implemented to break up one large network into multiple smaller networks which allows administrators.

By Hrithik Lall

IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company, we are also a proud member of EC Council, NASSCOM, Data Security Council of India (DSCI), Indian Chamber of Commerce (ICC), U.S. Chamber of Commerce, and Confederation of Indian Industry (CII). The company was established in 2016 with a vision in mind to provide Cyber Security to the digital world and make them Hack Proof. The question is why are we suddenly talking about Cyber Security and all this stuff? With the development of technology, more and more companies are shifting their business to Digital World which is resulting in the increase in Cyber Crimes.

Leave a comment

Your email address will not be published.

This site is under maintenance,
some features might not work!!!