Blog

Phishing is a Threat, Even By Phone

Phishing is a Threat, Even By Phone

Telework has become crucial for businesses to sustain themselves right now, as remote work became a hard and fast requirement in the face of the coronavirus. However, if businesses aren’t careful, they could trade one issue for another in exposing themselves to security threats.

Let’s take a few moments to discuss one threat that many are facing: voice-based phishing, or vishing.

Federal Agencies Have Sounded the Alarm

Both the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have called attention to this variety of phishing. By calling a targeted victim, rather than sending an email or another kind of correspondence, an attacker can potentially pull the wool over their target’s eyes by using a less-expected attack strategy.

Those who are working from home are being targeted by a vishing campaign intended to acquire the access credentials needed to get into corporate networks. Once these credentials are obtained, the cybercriminals responsible can turn around and sell this access to others for their nefarious use.

How These Attacks Are Presenting Themselves

By registering lookalike domains to pose as a company’s actual resources, cybercriminals set themselves up to steal company credentials. These domains can be extremely convincing, often structured in the following ways:

  • support-[company]
  • ticket [company]
  • employee-[company]
  • [company]-support

As these pages replicate a company’s login page to their virtual private network, unwitting users are more likely to enter their credentials. This means that the attacker is then able to capture these credentials—including multi-factor authentication codes—and use them to gain access to the targeted business’ network.

Once these facsimile pages are completed, criminals then do some digging into a company to learn more about their employees. A profile is constructed, with the name, address, phone number, job title, and even length of employment for each employee included. Using this data, a hacker can call their target through a spoofed number and send them to their fraudulent VPN webpage.

This gives the hacker the means to access an employee’s work account, enabling them to collect more data for further phishing efforts or other data theft efforts. These attacks are now being directed to the team members that are currently working from home, making it even more important for your employees to be able to recognize the signs of phishing.

How to Identify Phishing Scams of All Kinds

  • Exercise caution when dealing with unsolicited calls, voicemails, and any other messages from those you don’t know. If you can, double-check that the person is who they claim to be through another means of communication.
  • Double-check the number of a suspected vishing caller, as well as any Internet domains you may be told to navigate to.
  • Avoid visiting any websites that a caller recommends without good reason to trust their legitimacy.

White Mountain IT Services is here to help you with an assortment of your business’ IT needs and concerns, including your cybersecurity. Give us a call at 603-889-0800 to learn about the services and solutions we can put in place on your behalf.

Related Posts

Windows 95 changed the way that consumers saw personal computing, and it heavily influenced future versions of Microsoft’s Windows operating system. Over twenty years later, you can expect to see significant changes and improvements, to the point whe...
Small business owners are always on the lookout for that “special something” that will bring added value to their offering. In 2020, with COVID-19 sticking around, it has been difficult for businesses to commit to any new investments. To keep revenue...
Replacing your aging or broken-down hardware is a part of doing business, and one that few business owners want to think about before it must be done. Hardware is expensive and tricky to replace without experiencing at least some downtime. That’s not...
In the last few months, there have been several high-profile data security breaches that resulted in the theft of millions upon millions of non-public information records. Though much of the focus in the aftermath of the breaches was on personal iden...
When was the last time you provided your business with improved technology that offers a great return on investment? If your business is using software and hardware that hasn’t been updated in several years, the same technology that’s necessary for y...
Budgeting anything can be difficult, but with many business’ organizational reliance on information systems, finding the money to get your IT initiatives off the ground can be a challenge. That hasn’t stopped the IT sector growing fast. In fact, IT s...
A surprising number of security issues come from inside your organization. User error on the part of the employee can present major problems for your workflow, data security, and the integrity of your business. User error could be something as simple...
Businesses can benefit from the use of personal mobile devices in the workplace, yet there are also potential dangers in allowing mobile and Internet of Things devices to access your network. In order to reduce these dangers, you need to put some lim...
Over the past several months, while watching the news or reading about business and technology, you’ve probably encountered a few words, such as ‘ransomware’ ‘exploit weakness’, and ‘security patch’. These terms are used often, and you may be confuse...
As you may expect, the average Internet scammer isn’t above resorting to dirty tricks to claim their ill-gotten prize from their victims. A recent scam demonstrates just how dirty these tricks can truly be, and unfortunately, how ill-prepared many ar...
If you’ve watched the news lately, chances are you’ve seen the Equifax breach and the ridiculous fallout it has caused. Over 133 million personal records have been stolen. While it’s difficult not to feel individually victimized by such a breach, it’...
If you’re in the market for a new computer, then you’re going to have to make a decision: Go with a traditional hard drive (HDD), or a solid state drive (SSD). While a computer equipped with an HDD will cost you less money, an SSD promises to faster ...

Onsite Service Coverage Area

Although we provide remote services and support to businesses in over 20 states, onsite services are limited to within reasonable driving distance from our office in NH.  For locations outside of our service area, we will manage a local vendor to provide onsite assistance when needed.

 

Onsite Computer Support Services are available to businesses within 100 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH, and then down into Boston. From Northern and Central Mass, we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.

 

White Mountain IT Services
33 Main Street, Suite 302
Nashua, New Hampshire 03064

 

603-889-0800

map nashua4 1

 

Open Positions