Many companies have been forced to change working practices because of the COVID-19 pandemic. A large number of employees now work remotely from home. In healthcare, personnel can work remotely and offer telehealth services to their patients. Although this strategy is essential to control the virus and to make sure that patients still get the medical services they require, remote working introduces cybersecurity threats, and cybercriminals are taking advantage of the situation. There has been a notable rise in cyberattacks directed at remote workers in the past three months.
Several techniques are being used to fool remote employees into installing malware or revealing credentials, including a new tactic that cybersecurity firm IRONSCALES has recently uncovered.
In a recent report, IRONSCALES said that cybercriminals are spoofing the messages automatically generated by Private Branch Exchange (PBX) systems in order to steal credentials. PBX is a legacy phone system that a number of enterprises use to handle calls automatically. One function of these systems is recording voicemail messages and sending the recordings directly to users' inboxes. These systems have been very helpful during the COVID-19 pandemic, as they make sure that employees do not miss vital voicemail messages while working remotely. But they have also given cybercriminals another way to conduct an attack.
In this campaign, the attackers spoof messages from the PBX system and tell an employee that there is a new voicemail message. The emails are customized and include the user's name or company name to make the communications appear legitimate. The subject lines are also meticulously crafted to mimic those of messages sent by genuine PBX systems.
To retrieve the message, users are directed to a website that spoofs PBX integrations with the purpose of stealing credentials. It may seem strange for attackers to build phishing websites that spoof PBX integrations, considering that most voicemails contain fairly benign information. Nonetheless, attackers understand that the credentials could be used for several other logins, such as websites holding important PII or business data. Furthermore, any sensitive information left in a voicemail could be used in a social engineering attack.
IRONSCALES discovered this voice phishing (vishing) campaign in mid-May. Based on the report, the vishing campaign is being conducted internationally and about 100,000 mailboxes were targeted. If your company sends voicemails automatically to workers' inboxes, then your organization could fall victim to this trick.
IRONSCALES recommends raising awareness of this scam among remote workers and using an email security system capable of detecting and blocking email threats such as this, which to date have been successful at bypassing DMARC anti-spoofing measures.
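Because these messages get past DMARC, a mail-side check can compare each voicemail-themed email against what the organization's real PBX actually sends. The sketch below is an added example, not code from IRONSCALES or the report; the sender address, link host and sample message are constructed placeholders for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions (not from the article): the organization's real PBX sends from
# this address and links only to this host. Both are placeholders.
PBX_SENDER = "voicemail@pbx.example.com"
PBX_LINK_HOSTS = {"pbx.example.com"}
VOICEMAIL_THEME = re.compile(r"\b(voice\s?mail|voice message|missed call)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage_voicemail_email(raw):
    """Return reasons a voicemail-themed message does not match the real PBX."""
    msg = message_from_string(raw)
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    body = "\n".join(str(p.get_payload()) for p in parts)
    if not VOICEMAIL_THEME.search(f"{msg.get('Subject', '')} {body}"):
        return []  # not voicemail-themed, out of scope for this check
    reasons = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender != PBX_SENDER:
        reasons.append(f"sender {sender!r} is not the known PBX sender")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host not in PBX_LINK_HOSTS:
            reasons.append(f"link host {host!r} is not a known PBX host")
    return reasons

# Constructed sample: a look-alike sender whose own domain passes DMARC,
# so authentication results alone would not flag the message.
SPOOFED = """From: "Voicemail Service" <voicemail@pbx-example.net>
To: alice@example.com
Subject: New voicemail for Alice
Authentication-Results: mx.example.com; dmarc=pass header.from=pbx-example.net

You have a new voice message. Listen: https://voicemail.pbx-example.net/login
"""

if __name__ == "__main__":
    for reason in triage_voicemail_email(SPOOFED):
        print("flag:", reason)
```

Messages that return any reasons are candidates for quarantine or a warning banner rather than silent delivery.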