[OPLIN 4cast] OPLIN 4Cast #684: Vishing is the new phishing, and it's way more effective

OPLIN OPLIN support at oplin.ohio.gov
Wed Sep 2 10:31:06 EDT 2020


Email not displaying correctly? View it in your browser.
<http://www.oplin.org/4cast/>
[image: OPLIN 4Cast]

OPLIN 4Cast #684: Vishing is the new phishing, and it's way more effective
September 2nd, 2020

[image: Hands holding a cell phone] The spelling of the word "phishing" was
influenced by the earlier word "phreaking," which described the hacking of
telephone systems. And now the word evolves further, because "vishing," *voice
phishing*, is on the rise. Combining the tools of email phishing with the
techniques of telephone scams, novice telecommuters are being tricked into
giving up login credentials to their corporate networks.

   -
   - Voice Phishers Targeting Corporate VPNs
   <https://krebsonsecurity.com/2020/08/voice-phishers-targeting-corporate-vpns/>
   [*Krebs on Security*] "One increasingly brazen group of crooks is taking
   your standard phishing attack to the next level, marketing a voice phishing
   service that uses a combination of one-on-one phone calls and custom
   phishing sites to steal VPN credentials from employees."
   - FBI and CISA warn of major wave of vishing attacks targeting
   teleworkers
   <https://www.zdnet.com/article/fbi-and-cisa-warn-of-major-wave-of-vishing-attacks-targeting-teleworkers/>
   [*ZDNet*] "The actors used social engineering techniques and, in some
   cases, posed as members of the victim company's IT help desk, using their
   knowledge of the employee's personally identifiable information—including
   name, position, duration at company, and home address—to gain the trust of
   the targeted employee."
   - The Attack That Broke Twitter Is Hitting Dozens of Companies
   <https://www.wired.com/story/phone-spear-phishing-twitter-crime-wave/> [
   *Wired*] "The hackers' phishing site that allows that spoofing, unlike
   the kind usually linked in a phishing email, is usually created only for
   that specific phone call and is taken down immediately after the hackers
   steal the victim's credentials. The vanishing website and the lack of email
   evidence makes this sort of phone-based engineering often harder to detect
   than traditional phishing."
   - Voice phishing attacks on the rise, CISA, FBI warn
   <https://fcw.com/articles/2020/08/21/johnson-vishing-cisa-fbi.aspx>
[*Federal
   Computer Week*] "Recommended mitigation techniques include restricting
   VPN use to managed devices, restricting log in periods, and monitoring
   suspicious new domains that could be used to impersonate a company's
   internal help desk."

*From the Ohio Web Library <http://ohioweblibrary.org>:*

   - Baron, Laura. “Gone Vishing
   <https://proxy.oplin.org:2111/login.aspx?direct=true&db=buh&AN=22696002&site=ehost-live>
   .” *Journal of Accountancy*, vol. 202, no. 3, Sept. 2006, p. 15.
   - “Beware of Phishing--and Vishing
   <https://proxy.oplin.org:2111/login.aspx?direct=true&db=f5h&AN=23178847&site=ehost-live>
   .” *Nursing*, vol. 36, no. 12, Dec. 2006, p. 66.
   - Turner, Myra Faye. *The Young Adult’s Guide to Identity Theft : A
   Step-by-Step Guide to Stopping Scammers
   <https://proxy.oplin.org:2111/login.aspx?direct=true&db=nlebk&AN=1469435&site=ehost-live>*.
   Atlantic Publishing Group Inc, 2017.

------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:

   - *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
   subscribing to the following URL:
   http://www.oplin.org/4cast/index.php/?feed=rss2.
   - *E-mail.* You can have the OPLIN 4cast delivered via e-mail (a'la
   OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
   http://lists.oplin.org/mailman/listinfo/OPLIN4cast.

© 2020 Ohio Public Library Information Network
[image: Find us on Slideshare] <http://www.slideshare.net/oplin>  [image:
Find us on Facebook] <http://www.facebook.com/oplin.org>  [image: Find us
on Google+] <https://plus.google.com/107751358238995507967>  [image: Find
us on Twitter] <http://www.twitter.com/oplin>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20200902/e7226fd2/attachment.htm>


More information about the OPLIN4cast mailing list