FBI, CISA warn of ‘voice phishing’ campaigns

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency on Thursday warned the private sector of a “voice phishing” campaign in which cybercriminals call up corporate employees to get them to hand over login credentials. In a campaign that began in mid-July, unidentified attackers used stolen credentials to scour corporate databases for personal information they could monetize and use in other attacks, the FBI and CISA alert said. In some cases, the attackers “posed as members of the victim company’s IT help desk, using their knowledge of the employee’s personally identifiable information…to gain the trust of the targeted employee,” the advisory says. The warning caps a month in which cybercriminals have been rampantly employing “vishing,” as the voice phishing technique is known, to try to steal money. The attackers who took over celebrity Twitter accounts in July to mine bitcoin did so through “vishing.” Florida police arrested a 17-year-old and … Continue reading FBI, CISA warn of ‘voice phishing’ campaigns