Increased phishing campaigns due to the Corona epidemic |
After the pandemic forced companies to relocate their jobs in the country, authorities saw a slight increase in phishing activity.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have announced increased phishing activity during joint cybersecurity consultations, which provide companies and users with a range of information online to protect yourself from fraud. Suggestions.
Part of the consultation states: The pandemic (COVID-19) has led to intense work from home, which has increased the use of VPNs for companies and excluded personal verification, partly resulting in the success of the campaign can be explained.
The consultancy added: "Before the pandemic, similar campaigns were specifically targeting the targeted telecommunications and internet service providers. However, the focus has recently expanded to include more indiscriminate attacks."
The recommendation came out shortly after Krebs on Security announced that a group of cybercriminals were marketing a phishing service that used private phishing sites and social engineering techniques to steal VPN data from employees.
Although these agencies did not confirm the report, they said that the cyber criminals started phishing activities in mid-July 2020.
It also describes a scenario similar to the one reported by Krebs for security reasons: An attacker registers the domain with the name of the target company and then copies the login page to the internal VPN.
The criminals first used VoIP numbers, but then they started using fraudulent numbers from the victim's colleagues and other company offices.
Hackers tend to target new employees and impersonate new IT employees. They also create fake LinkedIn pages to gain victims' trust.
To be as believable as possible, they compiled files on the target company's employees which included information from publicly available profiles and marketing tools and security reviews available to the public. .
Cyber criminals convinced the victims that they were from the company's IT team and then sent them a fake VPN connection asking them to connect.
Employees agreed to the two-factor authentication request on their phones because they allowed the fake IT employees to access their accounts so they believed the request was met.
Once on the company’s network, they search for the personal information of customers and employees to benefit from further attacks and then use various methods to exploit their attacks.
These agencies say the method used depends on the company but is usually very strict and the schedule is tight.