Cybercriminals use various social engineering attacks to impersonate trusted organizations and steal employee login credentials and sensitive corporate information, the Federal Bureau of Investigation (FBI) warns.
The latest Private Industry Notification (PIN) cautions enterprises and workers about the versatility of threat actors attempting to exploit the work-from-home workforce and potential security shortcomings.
“The FBI has noticed a shift in cybercriminal strategy to gather and compromise employee accounts, regardless of what corporate position a worker may hold,” the PIN reads. “Cyber criminals are trying to obtain all employees’ credentials, not just individuals who would likely have more access based on their corporate position.”
Agency case files note that, as of December 2019, threat actors ran vishing (voice phishing) campaigns against corporations worldwide, tricking employees into logging in to fake webpages that captured their credentials and gave the attackers access to the company network.
“The cyber criminals vished these employees through the use of VoIP platforms,” the FBI said. “During the phone calls, employees were tricked into logging into a phishing webpage in order to capture employee’s username and password. After gaining access to the network, many cyber criminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network, often causing significant financial damage.”
In one attack, threat actors targeted an employee using a company chatroom, talking him into logging in to a fake VPN page. After getting his credentials, the cybercriminals surveyed the network to find any employee with higher privileges.
“The cyber criminals were looking for employees who could perform username and email changes and found an employee through a cloud-based payroll service. The cyber criminals used a chatroom messaging service to contact and phish this employee’s login credentials.”
How can employees and businesses avoid such attacks?
The agency also issues a list of mitigation steps, including:
- Implementing and enabling multi-factor authentication (MFA) for accessing employee accounts
- Limiting newly hired employees' access to high-privilege network resources
- Continuously monitoring and scanning for unauthorized access or modifications to prevent loss of sensitive data and compromise
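The third mitigation is only useful if someone turns it into concrete detection logic. The following is an added example, not code from the FBI notification or the article: a small Python detector run over constructed VPN/SSO and payroll audit events that mirror the attack chain described above (a login without MFA from an address never seen for that account, followed within minutes by e-mail changes to another employee's record and a role escalation). The event field names, the per-user known-IP baseline and the 30-minute correlation window are assumptions for this example.

```python
from datetime import datetime, timedelta

# Constructed sample events standing in for VPN/SSO and payroll-service audit
# logs. These are not real logs; the field names are assumptions for this example.
SAMPLE_EVENTS = [
    {"ts": "2021-01-14T09:02:11", "user": "alice", "type": "login",
     "src_ip": "203.0.113.7", "mfa": True, "result": "success"},
    {"ts": "2021-01-14T09:05:40", "user": "bob", "type": "login",
     "src_ip": "198.51.100.22", "mfa": False, "result": "success"},
    # Same account, seconds later, from an IP never seen for bob and still no MFA:
    {"ts": "2021-01-14T09:06:02", "user": "bob", "type": "login",
     "src_ip": "192.0.2.44", "mfa": False, "result": "success"},
    # The new session rewrites another employee's e-mail in the payroll service:
    {"ts": "2021-01-14T09:15:30", "user": "bob", "type": "account_update",
     "target": "carol", "field": "email", "new_value": "carol@attacker.example"},
    # ...and then raises its own role:
    {"ts": "2021-01-14T09:20:00", "user": "bob", "type": "role_change",
     "target": "bob", "new_role": "admin"},
    # Benign: alice updates her own phone number from her usual address.
    {"ts": "2021-01-14T10:00:00", "user": "alice", "type": "account_update",
     "target": "alice", "field": "phone", "new_value": "+1-555-0100"},
]

# Per-user baseline of source IPs observed during a prior learning period
# (constructed for this example; in practice built from historical logs).
KNOWN_IPS = {"alice": {"203.0.113.7"}, "bob": {"198.51.100.22"}}

# Attribute changes an attacker needs for account takeover / password resets.
SENSITIVE_FIELDS = {"email", "username"}
# How long after a login from an unknown IP a sensitive change is correlated to it.
WINDOW = timedelta(minutes=30)


def parse_ts(s):
    return datetime.fromisoformat(s)


def detect(events, known_ips, window=WINDOW):
    """Return a list of findings; each finding is a dict with rule, user, ts, severity."""
    findings = []
    last_new_ip_login = {}  # user -> time of the most recent login from an unknown IP
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user = parse_ts(ev["ts"]), ev["user"]
        if ev["type"] == "login" and ev.get("result") == "success":
            if not ev.get("mfa"):
                findings.append({"rule": "login_without_mfa", "user": user,
                                 "ts": ev["ts"], "severity": "medium"})
            if ev["src_ip"] not in known_ips.get(user, set()):
                findings.append({"rule": "login_from_new_ip", "user": user,
                                 "ts": ev["ts"], "severity": "low",
                                 "src_ip": ev["src_ip"]})
                last_new_ip_login[user] = ts
        elif ev["type"] in ("account_update", "role_change"):
            sensitive = ev["type"] == "role_change" or ev.get("field") in SENSITIVE_FIELDS
            recent = last_new_ip_login.get(user)
            # The chain the FBI describes: fresh foothold, then identity changes.
            if sensitive and recent is not None and ts - recent <= window:
                findings.append({"rule": "sensitive_change_after_new_ip_login",
                                 "user": user, "ts": ev["ts"], "severity": "high",
                                 "target": ev.get("target")})
            if ev["type"] == "role_change" and ev.get("new_role") == "admin":
                findings.append({"rule": "privilege_escalation", "user": user,
                                 "ts": ev["ts"], "severity": "high",
                                 "target": ev.get("target")})
    return findings


def summarize(findings):
    """Count findings per rule, e.g. {'login_without_mfa': 2, ...}."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS, KNOWN_IPS):
        print(f["severity"].upper(), f["ts"], f["user"], f["rule"], f.get("target", ""))
```

The "login without MFA" rule is deliberately noisy: on a network where MFA is enforced it should never fire, so any hit is itself evidence of a gap in the first mitigation. The correlation rule is the one worth paging on, because a credential stolen through a vishing page is used from the attacker's address, not the employee's, and the first thing the attacker does with it is look for someone who can change usernames and e-mail addresses.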
Of course, new and long-serving employees alike should remain vigilant and watch out for impersonators contacting them via email, phone or chat and asking them to perform any action on the corporate network or to log in to some platform, no matter how legitimate the request may look. Remote workers who notice anything suspicious should immediately contact their managers and the company IT department, and avoid any further contact with the caller.