Because of the dramatic rise of the number of at-home workers, one method that has become increasingly common over the past few months are vishing attacks, executed via phone calls.
Cybercriminals obtain personally identifiable information in one of three ways: 1. Social Media, 2. Password Dumps from data breaches 3. Search Engines – An individual’s name, address and photo of signature can often be found online via local government public records sites
On the surface, it might seem like vishing attacks are a consumer problem only. But, in reality, businesses can be impacted too – especially now, as a significant portion of employees across the country are working from home.
Vishing attacks are designed to build relationships with employees, eventually convincing them to give away confidential information, or to click on malicious links that are sent to them by the visher, who has earned confidence as a “trusted source.” As with other social engineering attacks, the ultimate goal is to gain access to corporate networks and data, or to get other information that can be used to commit fraud.
So what can business owners do?
- Employee Training – explain what vishing is, how cybercriminals obtain personal information, and how they’re exploiting the COVID-19 pandemic to trick victims.
- Better Security – Web filters, antivirus software, and endpoint detection and response solutions are examples of the types of standard security controls that should be implemented
- Better Password Policies – policies must be defined and communicated to employees
- MFA – Multi Factor Authentications
If you business would like to do a Security Review please contact us on 281-647-9977 or schedule an appointment