Phishing attacks are clearly a pain in the neck, and they have been rising constantly.
Voice phishing, or vishing, attacks have been on the rise, with attackers using employee names to lure targets into sharing login credentials and data over the phone. In these attacks, the threat actors imitate company representatives from the legal, HR, or IT departments. They then use social engineering to obtain victim credentials and later use them to deliver malware.
What does this imply?
Vishing calls are direct, which means that the information channel is controlled by the attackers and targets are under tremendous pressure. Moreover, these attacks aid hackers with reconnaissance, letting them learn about their targets. Lastly, voice phishing attacks are at the heart of cyberattacks, including those that deceive victims into giving away their 2FA codes.
Other phishing attacks
- A phishing campaign that used to deliver TrickBot’s BazarLoader malware has switched to installing a new malicious PS script. The phishing emails impersonate the legal or HR department regarding customer complaints or termination of the recipient’s employment.
- Scammers targeted two cryptocurrency platforms by gaining access to domains managed by GoDaddy. The employees fell victim to a series of social engineering scams.
- The U.K.'s HMRC identified a 73% rise in email phishing attacks over the past 6 months.
The bottom line
The conditions created by the COVID-19 pandemic have changed the way business is done. With most of the workforce working from home, corporate resources are being made available via VPN and RDP connections. This has offered cybercriminals a plethora of opportunities for phishing attacks.