Vishing increases and finds another nest of opportunities in teleworking

Technology has made life easier for us in many aspects: household chores, mobility, health, safety, communications… even the way we work “has undergone” important transformations. If your main tool is the computer, you have already had to experience teleworking in this 2020 of constant adaptations.

50% of all jobs could be developed from home in the year 2030, as we told you in this article, and although it sounds phenomenal due to the associated advantages, there are not few risks it poses for businesses.

Phishing tricks aimed at companies have not stopped evolving, and we find many examples on the Internet that attest to their success. The debugging of the technique has made identity theft an increasingly common habit within the world of cybercrime, also being complemented by vishing, a variant that replaces email with phone calls.

The Check Point company recently warned of an increase in vishing attacks targeting those who work outside the office. This increase is not accidental: teleworking exposes us to a myriad of vulnerabilities that we may not be sufficiently aware of. The communications with managers, coordinators, supervisors, etc. that took place face to face are now given by email or by phone, are you able to identify them, or could you fall into a trap without hardly realizing it?

Keys to employee vishing scams

Check Point explains the process that attackers follow to collect sensitive data and that we could summarize in three phases:

1. They gather information from the company and its employees, especially those they are going to impersonate. LinkedIn is usually an interesting source for them.

2. They call the company's support center posing as an employee to ask for the phone numbers of other workers.

3. They pose as a superior, usually from the Human Resources, Finance or Legal departments, and contact their victims. They know them all to gain your trust.

Social engineering has opened a world of possibilities that jeopardizes the security of entities. Those affected by the ERTE in the province of Zamora received calls during the month of March in which the issuers posed as SEPE officials to steal their bank accounts. In La Rioja, during the spring, the National Police collected several complaints from shop employees who received calls requesting financial transfers. This same summer, in the USA, the FBI alerted of telephone frauds directed to employees. It is not a hypothesis: vishing is the order of the day.

To avoid this, we recommend reading this article from the Internet Security Office, where we are mainly advised to distrust unknown numbers and check the authenticity of the call to guarantee our safety and that of the company for which we work.

Previous Post Next Post