Compliance » “Vishing” Threat To Employees Working At Home

“Vishing” Threat To Employees Working At Home


September 4, 2020

The modus operandi isn’t new, but the goal has evolved and is more insidious. Before the pandemic, vishing (voice phishing) mainly went after a single victim, trying to wheedle a social security number or essential bank or credit card information. But now, with many corporate employees working from home, a more refined variation can put an entire company at risk. The phone call is likely preceded by extensive research on the target’s social media profiles, and it may employ a spoof of the company’s own VPN login page and the company’s security protocols. Once the groundwork is laid and the system is penetrated, a ransom demand, loss of trade secret information and liability for a security breach may follow. This law firm post includes a link to a joint advisory document from the FBI and the U.S. Cybersecurity Infrastructure Security Agency (CISA) with further details, including suggested “mitigations” and end-user tips.

Read full article at:

Share this post: