Authorities saw a slight increase in phishing campaigns after the pandemic forced companies to move work home.
Andreveal The Federal Bureau of Investigation (FBI) and the Cyber and Infrastructure Security Agency (CISA) reported the increase in phishing campaigns in Consulting Shared Cybersecurity, which provides businesses and users with a list of tips on how to protect themselves against fraud.
And part of the counseling says: The (COVID-19) pandemic has caused a mass shift to work from home, increasing the use of corporate VPNs and excluding personal verification, which could partly explain the campaign’s success.
The advisory added, “Similar campaigns before the epidemic targeted telecommunications and Internet service providers exclusively with these attacks, but the focus has recently expanded to include more indiscriminate targeting.”
The advice was published shortly after Krebs on Security announced that a group of cybercriminals were marketing a phishing service that used private phishing sites and social engineering techniques to steal VPN data from employees.
Although the agencies did not confirm the report, they said: The cybercriminals began a phishing campaign in mid-July 2020.
They also described a similar scheme Location (Krebs on Security): The attackers registered domains using the names of the targeted companies and then duplicated their internal VPN login pages.
The criminals used VoIP numbers at first, but later began using fraudulent numbers from victims’ co-workers and other offices within their company.
Hackers tend to target new employees and pretend they are new IT employees, and they also create fake pages on the LinkedIn platform to gain the trust of victims.
In order to be as believable as possible, they compile files on the target company’s employees. The files contain information gathered from public personal files, marketing tools and security checks available to the public.
After the cybercriminals convince the victim that they are part of their company’s IT team, they send them a fake VPN link that requires their login.
Employees approve two-factor authentication requests on their phones, believing they got it because they gave fake IT employees access to their accounts.
Once they enter the company’s network, they dig into the personal information of customers and employees to benefit from it in other attacks, and they exploit their attacks using various methods.
The method used depends on the company, the agencies said, but is usually very aggressive with a tight schedule.