Has anyone you know been voice phished (vished) lately?
Brian Krebs of KrebsOnSecurity.com reported that the FBI and CISA issued a joint advisory on August 20, 2020 about a new wave of voice phishing (vishing) threats aimed at employees working from home. The campaign started in mid-July. The attackers posed as members of IT help desks to social engineer (pretext) employees, and they even spoofed internal numbers. Armed with dossiers on each employee, compiled from publicly available sites (OSINT), they gained the employees' trust and phished them by telling them they needed a new VPN link. The link collected the 2FA or OTP tokens necessary to gain access to the employer's network. The attackers also social engineered mobile phone carriers and were able to SIM swap mobile accounts to intercept the one-time codes of targeted employees.
What can you do?
If you want to test your employees and inoculate them against attacks like this, we have a vishing social engineering test ready for you to roll out. For vishing, we even have international numbers; the countries we have numbers for are listed here if you scroll down a bit. Ask your rep for a demo of this feature.