“Vishing” Threat To Employees Working At Home

The modus operandi isn’t new, but the goal has evolved and is more insidious. Before the pandemic, vishing (voice phishing) mainly went after a single victim, trying to wheedle a social security number or essential bank or credit card information. But now, with many corporate employees working from home, a more refined variation can put an entire company at risk. The phone call is likely preceded by extensive research on the target’s social media profiles, and it may employ a spoof of the company’s own VPN login page and the company’s security protocols. Once the groundwork is laid and the system is penetrated, a ransom demand, loss of trade secret information and liability for a security breach may follow. This law firm post includes a link to a joint advisory document from the FBI and the U.S. Cybersecurity Infrastructure Security Agency (CISA) with further details, including suggested “mitigations” and end-user tips.