How to Protect Your Business From Voice Phishing

Voice phishing, or vishing, incidents have risen significantly in the United States since July 2020. On August 20, 2020, the Federal Bureau of Investigation (“FBI”) and the Cybersecurity and Infrastructure Security Agency (“CISA”) released a Joint Cybersecurity Advisory, describing cybercriminals’ attempts to extract sensitive information from employees as a targeted “campaign.”

According to the FBI and CISA, cybercriminals increasingly engage in vishing by contacting employees on their personal cellphones and directing them to clarify their login information. The rise in teleworking since the emergence of the COVID-19 pandemic increased the widespread use of virtual private networks (“VPN”), which allow remote employees to log in to the same system. Businesses benefit from using VPNs to supervise and direct access to their databases. However, once a cybercriminal has obtained an employee’s login information via vishing, this login information can then be used by cybercriminals to access the VPN. Once cybercriminals have access to the VPN, they can mine the targeted business’ databases for customers’ personal information, as well as other valuable information, and then monetize the data breach through blackmail, for instance.

 In order to protect your business from vishing, the FBI and CISA advise the following:

• Restrict access to VPN during certain hours
• Train employees to be suspicious of unsolicited phone calls
• Advise employees to limit the amount of personal information posted on social media
• Verify web links do not have misspellings or contain the wrong domain
• Bookmark the correct VPN URL and do not visit other URLs on the sole basis of an inbound phone call

Caitlin Becker | Law Clerk – BridgehouseLaw

For more information on how to protect your business from vishing attacks, click here.

For more of our blogs, click here.

Follow us on social media!