VISHING: the new wave of attacks directed at Teleworking


The amalgamation of “Voice over IP (VoIP)” and “Phishing” results in the term Vishing, used to describe a recurring phone scam that is now aimed at remote workers. The goal? To make the victim share sensitive personal information.

Faced with the challenges to society raised by the COVID-19 pandemic, part of the workforce was forced to change its paradigm and work from home. However, scammers have also adapted their methods, now aiming at teleworkers.

Scam attempts by phone or video call

Vishing attacks target teleworkers.

The alert came from investigators at the cybersecurity agency Check Point, who report a substantial increase in this type of attack. Although not new, the scheme has again taken on worrying proportions among part of the telecommuting population.

With the simple and pernicious goal of getting people to share personal information and, more seriously, bank details among other confidential data, the scheme has become more sophisticated. According to the agency's report, the attackers pretend to be representatives of various companies, especially in the area of finance, or of human resources departments.

The lure is thus cast, backed by social engineering tactics meant to wear down the victim and make them share the targeted access credentials. These, the agency warns, can include company authentication data, but generally concern banking information.

Once attackers gain access to the necessary information, they waste no time in accessing bank accounts, especially through home banking, to withdraw the money, or even in installing malware on the victim’s device.

Attacks growing since August 2020

The attack can arrive via email (phishing), call (vishing) or SMS.

According to Check Point’s conclusions, vishing attacks have increased since last August, focusing mainly on employees who are teleworking. A universe of potential victims that is, unfortunately, growing.

The wave of attacks was first registered in the United States of America, but it has been spreading, with more countries and regions reporting similar cases. Among the most sought-after data, login credentials for corporate networks and work sessions have grown significantly.

Risks associated with teleworking

Impersonation, or usurpation of identity, is one of the greatest threats that make employees in remote work more susceptible, with attackers gathering a wide range of prior information in order to convince the victim.

They do so to gradually gain the target’s confidence and make them think they are talking to a co-worker or department supervisor. At other times, they present themselves as new employees wanting to get to know other colleagues, and for that purpose they may ask for a telephone contact to “streamline future contacts”.

The scam can also take a more familiar form, with a request to install the TeamViewer tool, remote work management software. To this end, the miscreant will give various reasons, among them helping to find the necessary information.

All this, of course, is nothing more than an attempt to obtain access to the business platform, or network.

5 precautions to be taken to avoid attempts at vishing


1. Be careful with unsolicited calls. Note the caller's number and, if appropriate, say that you will call back. At the same time, we point out some caller IDs that can shed light on the subject.

2. Use a good VPN while teleworking. Especially when using public Wi-Fi networks, or when working from home and wanting to add an extra protection barrier, we recommend ExpressVPN, the market leader, with the most advanced security technologies.

3. Do not assume that a call from someone previously unknown is genuine. The caller may have done prior research to collect various convincing data and information. If in doubt, check with your employer.

4. Under no circumstances share passwords and PINs. The same goes for sensitive information about credit cards, email authentication data, or access data for the company account or telework platform.

5. If in doubt, report the call. Share the suspicious case with the authorities, your superiors, or the customer support lines of banking institutions.
