Excerpted from Lexology by Sheppard Mullin Richter & Hampton LLP
As if 2020 hasn’t caused enough hardship and headaches for employers already, the FBI and U.S. Cybersecurity Infrastructure Security Agency (“CISA”) recently issued a joint Cybersecurity Advisory Alert warning employers about the rise in voice phishing, or “vishing,” scams targeting remote workers.
With the mass shift to large-scale work-from-home environments, cybercriminals and hacker groups are employing increasingly creative tactics to take advantage of weakened security protocols and overly trusting employees. Before the pandemic and the sudden increase in remote workforces, vishing scams were not uncommon. However, they were largely targeted at vulnerable individuals and/or via personal attacks, such as a phone call seeking bank or credit card account information for a “compromised” account, calls from the “IRS” to verify an individual’s Social Security number, or targeted Medicare and Social Security scams.
Since July 2020, vishing scams have evolved into coordinated and sophisticated campaigns aimed at obtaining a company’s confidential, proprietary and trade secret information through the company’s virtual private network (“VPN”) with the help of the company’s own employees. VPNs are widely used in the current telework environment and intended to be a secure platform for remote employees to log into their company’s network from home. Many companies use VPNs because it not only provides a secure remote connection, but also allows the company to monitor employees’ activity on the network and supposedly detect security breaches.
For entire article click here