Fraud Alert: Have You Heard About New Vishing Attacks?

Kirsch CPA Group

Oct 19, 2020

For years, businesses and individuals have had to worry about so-called “phishing” scams sent via email or text. These cyberattacks are designed to hook unsuspecting victims into revealing sensitive information. Now there’s a new twist aimed largely at small businesses: Voice phishing scams (also known as “vishing” using social engineering). A recent alert from the Cybersecurity Infrastructure Security Agency (CISA), acting in conjunction with the Federal Bureau of Investigation (FBI), provides the details.

 

Vishing Expeditions

In the classic phishing scam, scammers use email or text messages to trick someone into revealing sensitive information. Fraudsters may target individuals to gain access to their passwords, account numbers, Social Security numbers (SSNs) and other sensitive personal data. Phishing scams also may target employees to gain access to their employers’ networks. Once inside, they can steal electronic records containing employee or customer data, install malware or ransomware, and/or hijack the company’s records, such as customer lists, financial records, account numbers, trade secrets and in-progress R&D projects. In vishing scams that target the business sector, a scammer calls on the phone and may use intimidation to convince the employee to provide access. In some cases, the scammer may pose as a coworker from the company’s IT department who’s been assigned to install a software update that’s actually malware.

 

Uptick in Cases

Vishing scams have been around for years. But the proliferation of employees working from home during the novel coronavirus pandemic has led to a significant uptick in these scams in 2020. Why? At-home networks are often less secure than in-office networks — and some companies haven’t had the time or resources to update their security protocols for remote access. Fraudsters have seized this opportunity to target stay-at-home employees. Vishing attacks gained momentum over the summer, according to the CISA advisory. The fraudsters typically exploit holes in the security system of virtual private networks (VPNs) set up to accommodate employees working from home. Here are four steps involved in a typical vishing scam:

1. The so-called “visher” creates a website that replicates or closely resembles the company’s VPN login page. Then he or she obtains a secure socket layer (SSL) certificate for the domain and names it with a combination of the company’s name and words such as “support” or “employee.”

2. The visher compiles a dossier on an employee, including the employee’s full name and address, phone number, and position at the company. This information can often be obtained from public profiles on social media platforms, recruiter and marketing tools, publicly available background check services and other resources.

3. The visher contacts the employee through a voice over Internet protocol (VoIP) number or a fake phone number from other employees and departments from the company. Typically, the scammer will impersonate IT help desk workers and gain the employee’s trust using the dossier of personal information.

4. The visher convinces the target that he or she will receive a new VPN link that requires login information. This may include two-factor authentication, a solo password or both. In some cases, the prompt is approved by an employee who mistakenly believes access had been granted earlier to the IT desk impersonator. In other cases, hackers employ SIM swapping attacks to circumvent security measures.

When this process is complete, the company’s proprietary and trade secret information is exposed. This could lead to substantial ransom costs, forensic fees and expenses, employee and customer notice obligations and even liability for security breaches.

 

Preventing an Attack

Fortunately, the CISA advisory does more than just alert the business sector to the potential dangers of vishing. It also outlines the following steps for companies to take for greater protection against these sophisticated attacks.

  • Restrict VPN access hours and VPN connections to managed devices only. Use mechanisms like hardware checks or installed certificates, so user input alone isn’t enough to access the corporate VPN.
  • Employ domain monitoring to help you track the creation of, or changes to, corporate, brand-name domains.
  • Actively scan and monitor web applications for unauthorized access, modification and anomalous activities.
  • Employ the principle of least privilege and software restriction policies.
  • Monitor authorized user accesses and usage.

In addition, employers might consider using a formalized authentication process for employee-to-employee communications made over the public telephone network where a second factor is used to authenticate the phone call before sensitive information can be discussed.

 

Team Effort

At many workplaces, remote working arrangements are expected to outlast the COVID-19 crisis — and cybercriminals will continue to find ways to exploit home-based networks. Employees are your company’s first line of defense against cyberattacks. Cybersecurity training can help update employees on proper network use, security issues and when to call a secure IT number. Remind employees to be suspicious of any request for their logins and credentials or other personal information. Provide detailed instructions for contacting the appropriate personnel if they have any security concerns. Your company’s professional advisors can also be valuable assets as your company adjusts to work-from-home arrangements and help fortify your company’s cybersecurity measures.



About The Author

Kirsch CPA Group is a full service CPA and business advisory firm helping businesses and organizations with accounting,…

Read More

Tags

Covid-19 (51) tax strategies (25) Tax (25) business advisory (21) Kirsch News (18) Construction (18) Small Business (16) Business planning (16) manufacture (14) Manufacturing (14) Nonprofit (13) grow your business (12) Non-Profit (12) Tax Planning (12) retirement (12) deduction (12) Not For Profit (11) CARES Act (11) Fraud (11) Business (11) Tax credit (9) IRS (8) payroll (8) Contractors (8) CAA (8) Benefit (8) Small business tax (7) Department of Labor (7) Cash Flow (7) PPP Loan Forgiveness (7) Tax Break (7) Consolidated Appropriations Act (7) Employee Retention Credit (7) financial statements (7) risk (7) pandemic (7) accounting (7) balance sheet (7) business valuation (7) compensation (6) Payroll tax (6) accountants (6) Deductions (6) 401K (6) Hiring (6) PPP (6) Employee (6) loss (6) benefits (6) valuation (6) Tax Breaks (5) DOL (5) Estate Planning (5) Growth (5) Tax Cuts and Jobs Act (5) remote work (5) EEOC (5) Work from home (5) revenue (5) profitability (5) accounting advisory service (5) contractor (5) loan (5) depreciation (5) llc (4) Estate Plan (4) Real Estate (4) Cost (4) TCJA (4) CoronaVirus (4) IRA (4) Paycheck Protection Program (4) ERC (4) cash flow forecast (4) ARPA (4) Manufacturers (4) new hire (4) plan (4) rental (4) assets (4) credit (4) remote (4) retire (4) Inflation (4) business owner (4) billing (4) Retain Employees (3) Audit (3) HSA (3) Social Security (3) Sales (3) Self-Employment (3) Not-for-Profits (3) Protecting your business (3) Succession Plan (3) FASB (3) PPP Loan (3) Tax Benefits (3) CARES (3) Donation (3) 2021 (3) strategic accounting (3) self-employed (3) Profit (3) Insurance (3) Contingency Plan (3) gift (3) technology (3) cryptocurrency (3) unemployment (3) CFO (3) employment (3) succession (3) cfo services (3) financial health (3) health (3) 990 (3) small businesses (3) savings (3) cpa (3) mileage (3) gift tax (3) estate tax (3) hire (3) manufacturer (3) software (3) cash (3) fringe benefit (3) tax benefit (3) Section 179 (3) financial (3) GAAP (3) Generally Accepted Accounting Principles (3) Ohio tax (2) s-corp (2) RMD (2) Research Tax Credits (2) Selling Your Business (2) Business Intelligence (2) Best Workplaces in Ohio (2) Buy-Sell Agreement (2) Overtime (2) Revenue Recognition (2) Home Office (2) Mergers (2) Acquisitions (2) 1099 (2) Partner (2) Benefit Plan (2) Outsourcing (2) Financial Planning (2) Security (2) Change (2) Payment (2) Deadline (2) Help for Ohio Business (2) Supply Chain (2) Business Owners (2) COVID-19 relief (2) Rental Property (2) Mid-Year (2) Business Vehicle (2) Taxes (2) Bankruptcy (2) Welcome to the team (2) Contracts (2) Phising (2) Charitable Donations (2) Home Office Deductions (2) Year-End (2) Individual Taxes (2) Remote Workers (2) Boost Profits (2) ADA (2) Health Plan (2) join our team (2) Bookkeepers (2) charitable (2) Tax Free (2) Individual Income Tax (2) Tax Rate (2) Stimulus (2) Small Business Owners (2) New Law (2) Loan Changes (2) M&A (2) financial strategy (2) Equal Employment Opportunity Commission (2) Personal Return (2) The American Rescue Plan Act (2) 1040 Federal Return (2) American Rescue Plan Act (2) individual tax (2) OSHA (2) Occupational Safety and Health Administration (2) Reimburse (2) Worker (2) Return to workplace (2) innovation (2) grow (2) estate (2) future (2) family (2) operations (2) cryptocurrencies (2) bitcoin (2) digital (2) expense (2) property (2) rent (2) return to work (2) partnership (2) economy (2) development (2) succession planning (2) individual (2) reviewed financials (2) law (2) penalty (2) planning (2) review (2) tax-exempt (2) 501(c)(3) (2) political (2) inurement (2) remote worker (2) contract (2) lean (2) working capital (2) tax law change (2) wages (2) income statement (2) prevention (2) covid (2) state tax (2) value (2) tax law (2) business growth (2) lease (2) pricing (2) Internal Revenue Service (2) tax preparation (2) IPA (2) Inside Public Accounting (2) tax saving (2) R&D (2) chart of accounts (2) financial KPIs (2) buy (2) sell (2) investment (2) Qualified Business Income (2) QBI (2) multistate taxes (2) tax incentive (2) business strategy (2) 1040 (2) retention (2) acfe (2) Association of Certified Fraud Examiners (2) occupational fraud (2) employees (2) debt (2) Unrelated Business Income Tax (2) UBIT (2) standard mileage rate (2) antifraud (2) crypto (2) audit and assurance services (2) cash basis (2) liabilities (2) inflation risks (2) retirement plan (2) invoice (2) Inflation Reduction Act (2) CHIPS Act (2) borrow (2) Financial Accounting Standards Board (2) cash flows (2) forecast (2) SECURE 2.0 (2) 403(b) (2) Partnerships (1) IRA distributions (1) IRS Audits (1) Compensation Plans (1) SEPs (1) Donor Datebase (1) Promoting (1) Monitor Employee Communications (1) Business Expenses (1) board of directors (1) Customer Service (1) 4 Simple Steps (1) Motivate Employees (1) Ohio Taxes (1) S Corporation (1) Record retention (1) Employer-Provided Vehicles (1) Tax Rules for Boats (1) Tax Rules for RVs (1) Home Improvement (1) No-Match Letter (1) Independent Contractor Status (1) Sales Deal (1) Rules of Qualification (1) Customer Loyalty (1) Profits (1) AGI (1) Adjusted Gross Income (1) Work for Kirsch (1) Health Savings Account (1) Tax Deductible (1) Industry (1) Work Culture (1) Affordable Care Act (1) ACA (1) Taxpayers (1) Tax Return (1) Human Resources (1) Competition (1) Tax refund (1) Tax Credits (1) Leadership (1) 2019 (1) Medical & Sick Leave (1) Economic Injury Disaster Loan (1) Emergency Financing From the SBA (1) payroll protection program (1) Tax Favored Distributions (1) Roth (1) Traditional Roth (1) dependent care (1) DCAP (1) covi (1) Pivot Strategy (1) Chapter 11 (1) Chapter 7 (1) Epidemic (1) Customers (1) Travel Restrictions (1) Workers Health (1) legal Claims (1) Deferred Filing Tax Returns (1) HIPAA (1) update (1) Deductible (1) Promotions (1) Worker comp (1) Ohio Bureau of Workers COmpensation (1) Homeowners (1) common tax scams (1) Internal Tax Service (1) awards (1) Hobby (1) Health Plan Administrative Expense (1) Financial distress (1) Insolvency Exception (1) Home Mortgage Exception (1) Interest Exception (1) Student Loan (1) FSA (1) Flexible Spending Accounts (1) WOTC (1) Improvements (1) Repairs (1) Background Check (1) Fraud Alert (1) Vishing (1) Preventing Attack (1) Sensitive Company Data (1) Age-Bias (1) Downsizing (1) Ohio BWC (1) CDC (1) ADEA (1) Independent Contractor (1) Ramsonware (1) Related Paid Leave (1) PPP Forgiveness (1) Tax Provisions (1) Overtime pay (1) Buy or Lease (1) 2020 tax return (1) Data breaches (1) malware (1) Benficiaries (1) Inheritance (1) policy (1) cost cutting (1) Disaster Relief (1) FAQs (1) COVID-Related Tax Relief Act (1) Construction Financial (1) Resolutions (1) Schedule C (1) Closing Business (1) high-deduction (1) Elderly (1) CVD (1) Restaurant (1) Tax figures (1) Opportunity Zone Investments (1) Covid vaccination (1) bad debt (1) business taxes (1) business return (1) Individual IRA (1) SafeSend Exchange (1) COVIDTRA (1) owners compensation (1) Financial relief (1) 2020 Taxes (1) 2020 tax break (1) Child Labor Law (1) Minimum wage (1) Record-keeping (1) Penalties (1) Child Credit (1) 2020 federal return (1) Kirsch CPA Group (1) bottom line (1) Power of Attorney (1) cash flow visibility (1) Trader Status (1) Vaccine scams (1) Child and Dependent Care Credit (1) Go Green (1) Visa (1) International (1) H-2B (1) virtual currency (1) FEMA (1) Federal Emergency Management Agency (1) Diabilities (1) Americans with Disabilities Act (1) creative thinking (1) creative (1) new (1) trusts (1) trust (1) blockchain (1) cryptography (1) currency (1) digital money (1) profit fade (1) managing cost (1) project (1) make money (1) vacation home (1) summer (1) rentals (1) properties (1) residency (1) residence (1) home (1) federal labor policy (1) labor (1) labor law (1) passive activity loss (1) pal (1) liability (1) deduct (1) cybersecurity (1) cyber security (1) landlord (1) relief (1) job loss (1) eviction (1) tenant (1) new jobs (1) develop (1) next (1) strategic (1) retiring (1) virtual cfo (1) cpa firm (1) gross profit margin (1) net profit margin (1) individuals (1) labor shortage (1) help wanted (1) unemployed (1) employ (1) EVP (1) Employment Value Proposition (1) compiled financials (1) audited financials (1) Supreme Court (1) appeal (1) reverse (1) trade secrets (1) intellectual property (1) IP (1) theft (1) protect (1) protection (1) trademark (1) trademarks (1) copyright (1) copyrights (1) patent (1) patents (1) business plan (1) new development (1) opportunity (1) opportunities (1) lose (1) keep (1) campaign (1) lobbying (1) campaigning (1) lobby (1) annual report (1) annual reporting (1) annual reports (1) 990-EZ (1) payroll tax credit (1) ctc (1) child tax credit (1) 2021 tax (1) child (1) litigation (1) jurisdiction (1) sue (1) sued (1) legal (1) HR (1) counsel (1) overhead (1) price (1) estimate (1) out-of-scope (1) project planning (1) productivity (1) production (1) output (1) raw material (1) incentive (1) process (1) net equity (1) debt level (1) goodwill accounting (1) private firm (1) merger (1) acquisition (1) merge (1) acquire (1) cyber (1) cyber attack (1) cyberattack (1) securities (1) harvesting (1) American Family Plan (1) AFP (1) long-term capital gain (1) capital asset (1) gains (1) gain (1) losses (1) Securities Harvest (1) financial penalty (1) OT (1) ransom (1) ransomware (1) ransom ware (1) hacker (1) hackers (1) prevent (1) DHS (1) Department of Homeland Security (1) executive compensation (1) private inurement (1) teleworking (1) telework (1) tax withhold (1) tax withholding (1) processing payroll (1) labor laws (1) Payroll Protection Plan (1) SBA (1) small business administration (1) damage (1) damages (1) economic (1) economic damage (1) NIOSH (1) National Institute for Occupational Safety and Health (1) safety (1) ppe (1) saving (1) strategy (1) customer segmentation (1) save (1) profitable (1) client (1) customer (1) propose (1) proposal (1) tax change (1) tax proposal (1) increase (1) tax increase (1) loan terms (1) negotiating loans (1) financing (1) provisions (1) business real estate (1) commercial (1) location (1) office space (1) shareholder (1) independent investor (1) tax season (1) taxcaddy (1) tax filing (1) tax documents (1) 30th anniversary (1) recognition (1) award (1) lower taxes (1) tax savings (1) tax rules (1) Build Back Better Act (1) proposed tax laws (1) profitability modeling (1) business insurance (1) premium (1) life insurance (1) property-casualty insurance (1) long term disability (1) long-term care (1) car (1) auto (1) suv (1) van (1) write-off (1) reimbursement (1) crisis (1) crisis management (1) contingency (1) research and development (1) research (1) confidential (1) confidentiality (1) financial reporting (1) service providers (1) P&L statements (1) fairness opinion (1) fairness opinions (1) M&A Plan (1) money (1) estate and gift tax (1) health insurance (1) commission (1) commission fraud (1) salespeople (1) trend (1) new employee (1) company growth (1) due diligence (1) real estate investment trusts (1) REIT (1) trade (1) Specified Service Trade or Business (1) SSTB (1) qualified (1) key person (1) discount (1) tax compliance (1) sales tax (1) single-member (1) multi-member (1) limited (1) general partners (1) self-employment tax (1) medium business (1) qualified business income deduction (1) cash-method accounting (1) depreciation deduction (1) Junior Achievement Business Hall of Fame (1) asset (1) owner (1) staff (1) workers (1) accounting software (1) tax strategy (1) tax liability (1) tax files (1) tax records (1) federal tax (1) records (1) financial records (1) bills (1) receipts (1) personal tax files (1) growth by acquisition (1) manager (1) management (1) supervisor (1) education (1) education plan (1) recruitment (1) training (1) remote employees (1) remote employee (1) ICHRA (1) Individual Coverage Health Reimbursement Arrangement (1) telecommute (1) health benefits (1) sell business (1) organized crime (1) National Federation of Independent Business (1) NFIB (1) close (1) close business (1) debts (1) Small Business Reorganization Act (1) SBRA (1) home office deduction (1) home-based business (1) perk (1) perks (1) cafeteria plan (1) kentucky tax law (1) gas (1) fuel (1) supply (1) suppliers (1) supplier (1) marketplace (1) market (1) online (1) supplies (1) scam (1) product (1) seller (1) buyer (1) work opportunity tax credit (1) work opportunity (1) Kirsch promotions (1) auditor (1) assessment (1) amend (1) amended (1) internal control reviews (1) compilation (1) inventory tracking (1) labor cost tracking (1) job costing (1) networking (1) projects (1) collecting (1) family business (1) cost approach (1) ESG (1) environmental (1) social (1) governance (1) fraud risk (1) risk assessment (1) equipment (1) purchase (1) combat inflation (1) ESOP (1) Employee Stock Ownership Plans (1) company stock (1) ERISA (1) Employee Retirement Income Security Act of 1974 (1) corporate (1) legislation (1) profitability analysis (1) best places to work (1) best of the best (1) firm (1) leases (1) accounting standard (1) SALT cap workaround law (1) lend (1) lending (1) loans (1) loaning (1) case study (1) tech (1) buy-sell (1) legacy gift (1) funding (1) living trust (1) will (1) wealth (1) financial management (1) payroll support (1) statement (1) tool (1) accrual-basis (1) rollover (1) inventory (1) disaster (1) interruption insurance (1) Business interruption (1) charity (1) charitable donation (1) corporation (1) cashflow (1) research expenses (1) income tax liability (1) research credit (1) types of financials (1) SSA (1) Social Security Administration (1) wage base (1) claim (1) small business owner (1) reduce (1) reduction (1) Research & Development (1) research & development expenses (1) expenses (1) risk management (1) PTE (1) Pass-through entity (1) 2023 outlook (1) chief financial officer (1) bookkeeper (1) next level accounting services (1) strategic tax planning (1) pricing analysis (1) cash flow planning (1) exit and retirement planning (1) SECURE (1) Setting Every Community Up for Retirement Enhancement 2.0 Act (1) bill (1) required minimum distribution (1) contributions (1) mileage rate (1) rate (1) medical (1) moving (1) standard mileage (1) ati (1) adjusted taxable income (1) research and experimentation (1) R&E (1) digital enterprise (1) mobile (1) cloud-based (1) financial statement (1) forecasting (1) projections (1) projection (1) NOL (1) net operating loss (1) COD (1) cancellation of debt (1) forgiven (1) forgiveness (1) financial roadmap (1) payroll tax deferral (1) quickbooks (1) SafeSend Returns (1) valuing (1) holistic (1) fradulent (1) invoices (1) ethereum (1) FSOC (1) Financial Stability Oversight Council (1) fringe (1) fringe benefit tax (1) fringe benefits (1) SECURE Act 2.0 (1)

Sign Up for Email Updates

Related Articles