While "vishing" is by no means a new threat, it's not something that has ever happened with sufficient frequency to get most people's attention. So, if you haven't heard the term before, you're not alone.

"Vishing" is short for voicemail phishing, and it is apparently on the rise based on data collected by the security firm Zscaler. Attackers are specifically targeting tech firms and US military installations.

No actual voice mails are involved, which is interesting.  What the attackers do is send emails with links that supposedly point the way to voicemail messages stored on LinkedIn, WhatsApp, or other services. The idea behind the attacks are is to trick an unsuspecting recipient into disclosing his or her Outlook or Office 365 credentials.

To make their credential capture page more convincing, the attackers have even taken to deploying a CAPTCHA system, which makes the page look just annoying enough to be legitimate.

A spokesman for Zscaler had this to say about the company's recent discovery of the surge in vishing attacks:

"Voicemail-themed phishing campaigns continue to be a successful social engineering technique for attackers since they are able to lure the victims to open the email attachments. This combined with the usage of evasion tactics to bypass automated URL analysis solutions helps the threat actor achieve better success in stealing the users' credentials."

The folks at Zscaler have a point. If your employees haven't been made aware that this kind of attack is not only possible but growing in popularity in certain sectors, make sure they know what to be on the lookout for. Kudos to the sharp-eyed folks at Zscaler for spotting the trend.

We may not be able to keep hackers from making the attempt. However, if we can warn enough people about the tricks they're using, we can frustrate their efforts and that's a good start.

About the Author

Marty Parker

Marty Parker
Owner & General Manager

Marty is the Owner and General Manager of Heritage Digital. Marty has managed and built high-performing IT teams for over 30 years. He served 13 years in the manufacturing industry and 13 years in corporate-owned healthcare organizations. Before acquiring Heritage Digital, Marty was the Chief Information Officer of Carolinas Hospital System (now MUSC Health Florence Medical Center) in Florence, SC. Marty is passionate about educating and protecting people against cybercriminals.

Used with permission from Article Aggregator