Last month, the US Federal Bureau of Investigation issued an advisory to employers worldwide about the latest tactic that evolved from email phishing attacks. Phishing scams typically lure recipients into clicking a malicious link, downloading a malicious file, or entering login credentials into a fake portal for criminals to capture the data and gain access to the employer’s network.
Vishing, on the other hand, doesn’t just rely on emails or text messages. Criminals have been going the extra mile by impersonating real employees during an actual voice call.
“During the phone calls, employees were tricked into logging into a phishing webpage in order to capture the employee’s username and password,” the FBI said.
After using the stolen credentials to break into the network, the attackers allegedly discovered they could further adjust the security privileges of other accounts. This gave them deeper access into the system and a greater chance of dealing “significant financial damage” on the company, the FBI said.
Read more: Never recycle old passwords, security experts warn