COVID Pandemic and the Rise of Vishing Scams

Hi, we have been trying to reach you about your car’s extended warranty…
You may owe thousands of dollars to the IRS…
 
Respond now to receive your cash prize!!!
 

 






We have all received calls like these. For the most part, we recognize them for what they are: SCAMS, run by people who are just trying to get your information or trick you into sending them money. They will hit you via emails, text messages, and even phone calls. With the pandemic forcing businesses to embrace remote workers, those businesses must rely heavily on telecom and VPNs, which is a perfect opportunity for scammers to go after them.

According to the FBI warning released in January 2021, “During COVID-19 shelter-in-place and social distancing orders, many companies had to quickly adapt to changing environments and technology. With these restrictions, network access and privilege escalation may not be fully monitored.”

And with that, we have seen a rise in phishing practices, specifically Vishing, used to gain access and cause significant financial damage to these companies. So, what are these scammers looking for, and how are they getting it?

What is Vishing, and What Are They Looking For?

Vishing, or voice phishing, is the scam practice of phishing for information over the phone. The term is a combination of “voice” and “phishing.”

With a good portion of the workforce moving to remote work and local networks needing to be accessed from all over, voice actors have figured out that they can essentially blast a company to gather all the information they need to take businesses down.

These voice actors try to gain personal information by pretending to be calling from a trusted source, such as your bank. They will try to get you to disclose information or get you to log into a vishing webpage where they can get a snapshot of your credentials to use, share, or sell later.



So How Do They Do It?

  1. First, they find your company and decide to target you by masking their caller ID. They may be clever enough to find a vendor you use or may use in the future based on your industry to build that immediate trust. If it is a reseller you do business with, the correct caller ID is displayed. Why would you question that?
  2. Next, they will try to make you comfortable. Maybe they ask some slightly prying questions, or ask you to try to log in on “this new site,” where they are capturing your login credentials. They will do anything they can to gather as much information as they can and to figure out your specific access to your company’s network or accounts. That information can be anything from addresses to direct phone numbers of decision-makers, user credentials, and social security numbers.
  3. Then they will call your coworkers and do the same thing to get broader information on access. They might even be able to gain access to the permission holder’s log, allowing them to make changes to the account, blocking your company entirely.

The initial conversation they have with you may take only a matter of minutes. But it can be just long enough to get what they need and hang up, seemingly harmless at the moment but having severe consequences.

How to Recognize and Protect Yourself and Your Company

Vishing scammers know where to look for weak spots in security. Help desk or customer support employees are there to help and do what they can to assist, making them easy to exploit. They may call up as a customer and mumble their way through the verification process. Or they may call up pretending to be tech support trying to fix an issue only they see on the back end. They will use any and every tactic they can.

What you can do:
  • It is wise to be skeptical, especially during a pandemic. If you get an unexpected or unsolicited call from someone you do not know, you don’t have to speak with that party. If it doesn’t feel right, it probably isn’t. So don’t give in to pressure or a contrived urgency from people you don’t know, especially if it has anything to do with private or secure information.
  • Watch out for the types of questions they ask you. If the caller claims to be from a company or vendor you work with closely but is not a name you recognize, don’t respond to their questions. Instead, take their name, hang up and call your direct contact for that company or vendor and ask them about it. They will tell you if the caller was legitimate or if the person calling even works for their company.
  • If they call to help with a technical issue that only they see, do not share any information. Hang up and verify with your company’s IT team or a supervisor who would be able to confirm.
  • Pay attention if they ask you to go to a website you don’t usually go to, or one that is slightly off from the one you usually log in to. Vishers may try to send you an email with a link; pay close attention to the email address it is coming from. It may only be a character or two off from one you usually recognize. Don’t click any links or open any attachments that you are not expecting.

Scammers will never go away; they just change their techniques to match the changing technology. Be sure to protect yourself from these tactics. Remember:

  • Be wary of anyone calling you that you don’t recognize.
  • If you do find yourself questioning what kind of information you just gave someone, reach out right away to whoever oversees your network security and let them know.
  • Be sure to change any passwords you may have inadvertently or directly given someone over the phone.
  • Stay calm. If you suspect this is happening, don’t discuss anything company-related without explicit permission from your company.
  • Ask questions, request verification, and protect yourself and your company. Taking these precautions can help ensure that you won’t fall victim to these Vishing scams.