Fraud Alert: Have You Heard About New Vishing Attacks?

Kirsch CPA Group

Oct 19, 2020

For years, businesses and individuals have had to worry about so-called “phishing” scams sent via email or text. These cyberattacks are designed to hook unsuspecting victims into revealing sensitive information. Now there’s a new twist aimed largely at small businesses: Voice phishing scams (also known as “vishing” using social engineering). A recent alert from the Cybersecurity Infrastructure Security Agency (CISA), acting in conjunction with the Federal Bureau of Investigation (FBI), provides the details.

 

Vishing Expeditions

In the classic phishing scam, scammers use email or text messages to trick someone into revealing sensitive information. Fraudsters may target individuals to gain access to their passwords, account numbers, Social Security numbers (SSNs) and other sensitive personal data. Phishing scams also may target employees to gain access to their employers’ networks. Once inside, they can steal electronic records containing employee or customer data, install malware or ransomware, and/or hijack the company’s records, such as customer lists, financial records, account numbers, trade secrets and in-progress R&D projects. In vishing scams that target the business sector, a scammer calls on the phone and may use intimidation to convince the employee to provide access. In some cases, the scammer may pose as a coworker from the company’s IT department who’s been assigned to install a software update that’s actually malware.

 

Uptick in Cases

Vishing scams have been around for years. But the proliferation of employees working from home during the novel coronavirus pandemic has led to a significant uptick in these scams in 2020. Why? At-home networks are often less secure than in-office networks — and some companies haven’t had the time or resources to update their security protocols for remote access. Fraudsters have seized this opportunity to target stay-at-home employees. Vishing attacks gained momentum over the summer, according to the CISA advisory. The fraudsters typically exploit holes in the security system of virtual private networks (VPNs) set up to accommodate employees working from home. Here are four steps involved in a typical vishing scam:

1. The so-called “visher” creates a website that replicates or closely resembles the company’s VPN login page. Then he or she obtains a secure socket layer (SSL) certificate for the domain and names it with a combination of the company’s name and words such as “support” or “employee.”

2. The visher compiles a dossier on an employee, including the employee’s full name and address, phone number, and position at the company. This information can often be obtained from public profiles on social media platforms, recruiter and marketing tools, publicly available background check services and other resources.

3. The visher contacts the employee through a voice over Internet protocol (VoIP) number or a fake phone number from other employees and departments from the company. Typically, the scammer will impersonate IT help desk workers and gain the employee’s trust using the dossier of personal information.

4. The visher convinces the target that he or she will receive a new VPN link that requires login information. This may include two-factor authentication, a solo password or both. In some cases, the prompt is approved by an employee who mistakenly believes access had been granted earlier to the IT desk impersonator. In other cases, hackers employ SIM swapping attacks to circumvent security measures.

When this process is complete, the company’s proprietary and trade secret information is exposed. This could lead to substantial ransom costs, forensic fees and expenses, employee and customer notice obligations and even liability for security breaches.

 

Preventing an Attack

Fortunately, the CISA advisory does more than just alert the business sector to the potential dangers of vishing. It also outlines the following steps for companies to take for greater protection against these sophisticated attacks.

  • Restrict VPN access hours and VPN connections to managed devices only. Use mechanisms like hardware checks or installed certificates, so user input alone isn’t enough to access the corporate VPN.
  • Employ domain monitoring to help you track the creation of, or changes to, corporate, brand-name domains.
  • Actively scan and monitor web applications for unauthorized access, modification and anomalous activities.
  • Employ the principle of least privilege and software restriction policies.
  • Monitor authorized user accesses and usage.

In addition, employers might consider using a formalized authentication process for employee-to-employee communications made over the public telephone network where a second factor is used to authenticate the phone call before sensitive information can be discussed.

 

Team Effort

At many workplaces, remote working arrangements are expected to outlast the COVID-19 crisis — and cybercriminals will continue to find ways to exploit home-based networks. Employees are your company’s first line of defense against cyberattacks. Cybersecurity training can help update employees on proper network use, security issues and when to call a secure IT number. Remind employees to be suspicious of any request for their logins and credentials or other personal information. Provide detailed instructions for contacting the appropriate personnel if they have any security concerns. Your company’s professional advisors can also be valuable assets as your company adjusts to work-from-home arrangements and help fortify your company’s cybersecurity measures.



More Resources

Next Level Accounting Guide

Guide: Next Level Accounting Services for Your Growing Business

Build a Better Business Guide

Guide: Build a Better Business by the Numbers

Business Acquisition to Sale Case Study

Case Study: Strategic Accounting Support from Acquisition to Sale

About The Author

Kirsch CPA Group is a full service CPA and business advisory firm helping businesses and organizations with accounting,…

Read More

Kirsch CPA Next Level Accounting Guide Download the Guide

Sign Up for Email Updates

Tags

Business Advisory (199) Small Business (74) Tax Strategy (73) Accounting (55) Construction (54) Business Strategy (53) Manufacturing (50) Non profit (45) Tax (32) Accounting Services (28) Tax Strategies (26) Kirsch News (25) Business Planning (25) Payroll (24) Business Taxes (23) Business Valuation (23) Grow Your Business (20) Retirement (18) Audit and Assurance Services (18) PPP (16) Fraud (16) Individual Tax (15) Tax Planning (14) CARES Act (13) Holistic Accounting Services (13) Business Advisory Services (13) Strategic Accounting (12) Benefit (11) Cash Flow (10) Employee Retention Credit (10) Financial Planning (9) IRS (9) Business (9) Contractors (9) Consolidated Appropriations Act (9) Deduction (9) Manufacturing Accounting (9) Human Resources (8) Financial Statements (8) Succession Planning (8) Small Business Tax (7) Tax Break (7) Business Owner (7) Department of Labor (6) Mergers and Acquisitions (6) IRA (6) Succession Plan (6) Remote Work (6) Tax Credit (6) Contractor (6) Inflation (6) Accounting Software (6) Construction Accounting (6) BOI Updates (6) Nonprofit (6) Ohio Tax (5) Tax Breaks (5) Estate Planning (5) Technology (5) Risk (5) Law (5) Valuation (5) Financial (5) strategic tax planning (5) Outsourced Accounting Services (5) Cash Flow Management (5) Professional Services Accounting (5) LLC (4) Estate Plan (4) Overtime (4) Real Estate (4) Deductions (4) Hiring (4) Cost (4) TCJA (4) Tax Cuts and Jobs Act (4) Supply Chain (4) ERC (4) Self-Employed (4) Plan (4) Revenue (4) Depreciation (4) Financial KPIs (4) Billing (4) ESOP (4) accounting partner (4) Accounting Best Practices (4) monthly financial statements (4) Not-for-profit (4) Compensation (3) Partnership Tax (3) Retain Employees (3) HSA (3) Business Intelligence (3) Social Security (3) DOL (3) Sales (3) Self-Employment (3) Outsourcing (3) Protecting Your Business (3) Rental Property (3) WOTC (3) Tax Benefits (3) Charitable Donations (3) Individual Taxes (3) EEOC (3) Work From Home (3) Donation (3) Profit (3) Contingency Plan (3) Gift (3) Family (3) Rental (3) Loss (3) Unemployment (3) CFO (3) Succession (3) Small Businesses (3) Credit (3) Loan (3) Gift Tax (3) Estate Tax (3) financial reporting (3) QBI (3) Cash (3) Unrelated Business Income Tax (3) Kirsch promotions (3) Cash Basis (3) family business (3) Section 179 (3) S-Corp (2) Research Tax Credits (2) Selling Your Business (2) Best Workplaces in Ohio (2) Buy-Sell Agreement (2) Ohio Taxes (2) Independent Contractor Status (2) Revenue Recognition (2) Home Office (2) Tax Credits (2) Payment (2) Deadline (2) Help for Ohio Business (2) FASB (2) Mid-Year (2) Deductible (2) Taxes (2) Bankruptcy (2) Welcome to the Team (2) Contracts (2) Phishing (2) Year-End (2) Join Our Team (2) Tax Free (2) Individual Income Tax (2) Tax Rate (2) Stimulus (2) New Law (2) Loan Changes (2) M&A (2) Personal Return (2) The American Rescue Plan Act (2) ARPA (2) Penalties (2) OSHA (2) Insurance (2) Return to Workplace (2) Estate (2) Future (2) Cryptocurrency (2) Expense (2) Property (2) Rent (2) CFO Services (2) Penalty (2) Contract (2) Wages (2) State Tax (2) Savings (2) Value (2) Tax Law (2) Tax Preparation (2) Tax Saving (2) Mileage (2) R&D (2) Chart of Accounts (2) Buy (2) Sell (2) Qualified Business Income (2) Multistate Taxes (2) tax compliance (2) Tax Incentive (2) Software (2) Debt (2) Supply (2) Tax Benefit (2) Inflation Risks (2) Invoice (2) Inflation Reduction Act (2) CHIPS Act (2) Generally Accepted Accounting Principles (2) Forecast (2) research credit (2) Expenses (2) Bookkeeper (2) Outsourced CFO (2) scaling a business (2) reduce labor costs (2) Upgrading Accounting Systems (2) QuickBooks Software (2) QuickBooks Optimization (2) Accounting Outsourcing (2) Strategic Business Advisory (2) BOI (2) Compensation Plans (1) SEPs (1) Donor Datebase (1) Promoting (1) Monitor Employee Communications (1) Business Expenses (1) Board of Directors (1) Customer Service (1) Motivate Employees (1) S Corporation (1) Record Retention (1) Employer Provided Vehicles (1) Tax Rules for Boats (1) Tax Rules for RVs (1) Home Improvement (1) No-Match Letter (1) Sales Deal (1) Rules of Qualification (1) Customer Loyalty (1) Profits (1) Work for Kirsch (1) Tax Deductible (1) Industry (1) Work Culture (1) Taxpayers (1) Partner (1) Tax Return (1) Competition (1) Tax Refund (1) Security (1) Leadership (1) Medical & Sick Leave (1) Economic Injury Disaster Loan (1) Emergency Financing From the SBA (1) Tax Favored Distributions (1) Roth (1) Traditional Roth (1) Dependent Care (1) DCAP (1) Pivot Strategy (1) Chapter 11 (1) Chapter 7 (1) Epidemic (1) Customers (1) Travel Restrictions (1) Workers Health (1) Legal Claims (1) Deferred Filing Tax Returns (1) HIPAA (1) Business Vehicle (1) Promotions (1) Worker Comp (1) Ohio Bureau of Workers Compensation (1) Homeowners (1) Common Tax Scams (1) Internal Tax Service (1) Hobby (1) Health Plan Administrative Expense (1) Financial Distress (1) Insolvency Exception (1) Home Mortgage Exception (1) Interest Exception (1) Student Loan (1) FSA (1) Improvements (1) Repairs (1) Background Check (1) Fraud Alert (1) Vishing (1) Preventing Attack (1) Home Office Deductions (1) Boost Profits (1) Independent Contractor (1) Ramsonware (1) Health Plan (1) Related Paid Leave (1) Tax Provisions (1) Overtime Pay (1) Buy or Lease (1) Data Breaches (1) Malware (1) Beneficiaries (1) Inheritance (1) Policy (1) Cost Cutting (1) Disaster Relief (1) FAQs (1) Resolutions (1) Schedule C (1) Closing Business (1) High-Deduction (1) Elderly (1) CVD (1) Restaurant (1) Opportunity Zone Investments (1) Bad Debt (1) SafeSend Exchange (1) Owners Compensation (1) Financial Relief (1) Child Labor Law (1) Minimum Wage (1) Record-Keeping (1) Bottom Line (1) Power of Attorney (1) Trader Status (1) Vaccine Scams (1) Child and Dependent Care Credit (1) Go Green (1) Visa (1) International (1) Employee (1) H-2B (1) FEMA (1) Trusts (1) Operations (1) Digital (1) Profit Fade (1) Managing Cost (1) Project (1) Make Money (1) Properties (1) Home (1) Return to Work (1) Federal Labor Policy (1) Labor (1) Labor Law (1) Passive Activity Loss (1) PAL (1) Liability (1) Deduct (1) Cybersecurity (1) Landlord (1) Relief (1) Job Loss (1) Eviction (1) Tenant (1) Economy (1) Development (1) Next (1) Strategic (1) Profitability (1) Financial Health (1) Individuals (1) Individual (1) Reviewed Financials (1) New Development (1) Opportunity (1) Planning (1) Review (1) Payroll Tax Credit (1) Overhead (1) Price (1) Estimate (1) Out-of-Scope (1) Project Planning (1) Productivity (1) Production (1) Lean (1) Output (1) Raw Material (1) Incentive (1) Process (1) Cyber (1) Cyber Attack (1) Financial Penalty (1) OT (1) Ransom (1) Ransomware (1) Hacker (1) Prevent (1) Prevention (1) DHS (1) Department of Homeland Security (1) Processing Payroll (1) Labor Laws (1) SBA (1) Damage (1) Damages (1) Economic (1) Economic Damage (1) NIOSH (1) National Institute for Occupational Safety and Health (1) Safety (1) PPE (1) Saving (1) Strategy (1) Customer Segmentation (1) Save (1) Client (1) Customer (1) Business Real Estate (1) Commercial (1) Location (1) Office Space (1) Lease (1) Shareholder (1) Independent Investor (1) Tax Season (1) Taxcaddy (1) Tax Filing (1) Tax Documents (1) Inside Public Accounting (1) CPA (1) Lower Taxes (1) Tax Savings (1) Tax Rules (1) Build Back Better Act (1) Proposed Tax Laws (1) Business Insurance (1) Premium (1) Life Insurance (1) Property-Casualty Insurance (1) long term disability (1) long-term care (1) crisis (1) crisis management (1) contingency (1) research and development (1) research (1) confidential (1) confidentiality (1) service providers (1) P&L statements (1) fairness opinion (1) fairness opinions (1) M&A Plan (1) money (1) estate and gift tax (1) commission (1) commission fraud (1) salespeople (1) due diligence (1) real estate investment trusts (1) REIT (1) investment (1) trade (1) Specified Service Trade or Business (1) SSTB (1) qualified (1) key person (1) discount (1) sales tax (1) single-member (1) multi-member (1) limited (1) General Partners (1) self-employment tax (1) medium business (1) qualified business income deduction (1) depreciation deduction (1) Junior Achievement Business Hall of Fame (1) Asset (1) owner (1) tax liability (1) tax files (1) tax records (1) federal tax (1) records (1) financial records (1) Bills (1) receipts (1) personal tax files (1) sell business (1) organized crime (1) National Federation of Independent Business (1) NFIB (1) Close (1) Close Business (1) debts (1) Small Business Reorganization Act (1) SBRA (1) Home-Based Business (1) kentucky tax law (1) gas (1) fuel (1) suppliers (1) supplier (1) marketplace (1) market (1) online (1) supplies (1) scam (1) product (1) seller (1) Buyer (1) work opportunity tax credit (1) work opportunity (1) Amended Taxes (1) inventory tracking (1) labor cost tracking (1) job costing (1) networking (1) projects (1) Collecting (1) equipment (1) purchase (1) combat inflation (1) Employee Stock Ownership Plans (1) company stock (1) ERISA (1) Employee Retirement Income Security Act of 1974 (1) corporate (1) legislation (1) profitability analysis (1) SALT cap workaround law (1) lending (1) Case Study (1) Financial Accounting Standards Board (1) GAAP (1) tech (1) legacy gift (1) funding (1) living trust (1) will (1) wealth (1) financial management (1) payroll support (1) rollover (1) inventory (1) disaster (1) interruption insurance (1) Business interruption (1) corporation (1) research expenses (1) income tax liability (1) types of financials (1) SSA (1) Social Security Administration (1) wage base (1) Claim (1) small business owner (1) reduce (1) reduction (1) Research & Development (1) research & development expenses (1) risk management (1) PTE (1) Pass-through entity (1) Chief Financial Officer (1) next level accounting services (1) pricing analysis (1) exit and retirement planning (1) SECURE 2.0 (1) Setting Every Community Up for Retirement Enhancement 2.0 Act (1) rate (1) medical (1) moving (1) digital enterprise (1) mobile (1) Cloud-Based (1) financial statement (1) forecasting (1) projections (1) projection (1) NOL (1) net operating loss (1) COD (1) Cancellation of Debt (1) forgiven (1) forgiveness (1) financial roadmap (1) quickbooks (1) SafeSend Returns (1) valuing (1) holistic (1) fradulent (1) invoices (1) FIFO (1) LIFO (1) last-in (1) first-out (1) first-in (1) tax changes (1) Business Interest Expense (1) Capitalize Research Costs (1) corporate cash donation (1) equifax hack (1) FICA (1) FUTA (1) medicare (1) normalized EBITDA (1) DCF (1) Business Buyers (1) meals (1) entertainment (1) Multistate Payroll Taxes (1) Remote Workforce Taxes (1) Payroll Automation (1) Local Tax Laws (1) Multistate Compliance (1) signs to scale (1) financial insights (1) reduce operating costs (1) Energy Credits (1) 401(k) (1) disabled access credit (1) family and medical leave credit (1) retirement plan startup credit (1) retirement plan automatic enrollment credit (1) QuickBooks Cleanup (1) loss disallowance rule (1) carryforward (1) distressed business (1) credit sales (1) collections (1) receivables ratio (1) aging schedule (1) average collection period (1) duties test (1) Agile Business (1) Weather Economic Uncertainty (1) Next Level Accounting (1) Projecting Cash Flow (1) veterinary profitability (1) Maximizing Labor ROI (1) Business Growth Plateau (1) bonus depreciation (1) IRS Section 179 (1) qualified improvement property (1) PTE Tax Benefits (1) ERC Claims (1) Cash Flow Forecasting (1) GAAP Accounting (1) Manufacturer Accounting Services (1) Tax Planning Services (1) Professional Services (1) Strategic Business Planning (1) nonprofit accounting services (1) Contractor Accounting (1) quarterly financial statements (1) Accounting Advisory Services (1) Transportation Tariffs (1) FinCEN (1) transportation KPI (1) logistics KPI (1) transportation business metrics (1) transportation business profitability (1)

Accounting & Financial News

Audits Are Essential to Your Organization’s Health

Audits have become more important due to increased public and government scrutiny of not-for-profit organizations, their management…

Read More

Tax Update: What the “One Big Beautiful Bill” Means for You

On July 5, President Trump signed the One Big Beautiful Bill Act (OBBB) into law—a sweeping tax…

Read More

Ohio Income Tax Changes: What You Need to Know

On June 30, 2025, Ohio Governor Mike DeWine signed into law the state’s biennial operating budget, which includes modifications to…

Read More
Kirsch Swoosh

Frequently Asked Questions

How can I manage cash flow better?

Good cash flow management and forecasting are essential for maintaining the financial health of your business. Having a rolling 12-month forecast of revenues and expenses helps you proactively avoid shortfalls and capitalize on opportunities. Learn more >

How can my business benefit from outsourced CFO services?

Outsourced CFO services, also known as fractional or virtual CFO services, let small and mid-size businesses leverage the deep financial expertise and strategic insights needed to accelerate growth and profitability for a fraction of the cost of hiring a full-time CFO. Key offerings include profitability analysis, cash flow forecasting, KPI benchmarking, and budgeting. Learn more >

How can I ensure that I don’t pay more taxes than necessary?

Effective tax planning involves leveraging all available tax credits, avoiding unpleasant surprises, keeping up with changes in the law, and ensuring you pay only your fair share. Learn more >

How can a CPA firm increase the profitability and value of my business?

When you partner with an accounting firm that offers advisory services, you will have the clear financial visibility needed to confidently make big decisions and drive profitable growth for your business. Learn more >

What should I look for in an outsourced accounting firm?

Growing a business requires more than tax preparation and basic accounting services. You need a holistic and forward-looking approach to your financial health. For best results, look for a partner who employs a proven process and a diverse range of services tailored to optimize cash flow, increase profitability, and maximize the value of your business. Learn more >