The FBI is warning that hackers are increasingly using voice phishing, or vishing, to target remote workers as a way of harvesting VPN and other credentials to gain initial access to corporate networks.
Over the last year, the FBI says, hackers have targeted employees at U.S. and international corporations that use VoIP services through vishing techniques and other types of social engineering attacks.
"After gaining access to the network, many cybercriminals found they had greater network access, including the ability to escalate privileges of the compromised employees' accounts, thus allowing them to gain further access into the network often causing significant financial damage," the FBI notes in an alert.
In another warning issued in August 2020, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency warned that hackers were using vishing techniques to target remote and at-home employees (see: Alert: Vishing Attacks Are Surging).
Examples of Techniques
The latest FBI alert describes several incidents where hackers successful used social engineering techniques to target employees.
In one case, hackers targeted U.S. and international employees of an organization and used vishing techniques to collect VPN credentials.