We often discuss cybersecurity tactics such as email phishing, where the bad actor delivers a sneaky ask via email in an attempt to lure an employee into clicking on a compromised URL, downloading an infected file, or sharing confidential information about your customers or your company.
But some hackers are more old school in their approach and call their victims, a practice known as a vishing attack. These attacks often involve a phone call where the scammer pretends to be from a legitimate source.
We often hear about unfortunate instances where an employee answers a phone call from a hacker pretending to be from tech support and then shares access to a device, only to realize later it was all a scam.
In fact, if you follow cyber attacks in the news, you may remember the high-profile incident with MGM Entertainment last fall. The infamous cybercrime group “Scattered Spider” used that old-school approach, albeit reversed, to gain the single access point that allowed it to completely shut down several casinos and hotels under the MGM umbrella. The bad actors called the corporation’s tech support company and gained access to the entire network by pretending to be an employee. Unfortunately, the tactic works both ways.
How do you protect your employees and your organization from such a simple but sneaky approach? If you are not encountering any IT issues, and someone claiming to be from a tech support company or a vendor partner calls you unexpectedly, here are simple tips to avoid being the victim of fraud:
If an employee realizes a scam might have taken place, that is when you should call your trusted IT partner. MSPs can run assessments and scans to uncover malicious code or hidden apps that can lurk in your network, siphoning off data for weeks or even months. The sooner you involve your IT professional, the more quickly access or damage to your network can be contained.
Tip: When selecting a managed IT services partner, ask what security steps are in place to prevent this type of fraud. At Exigent, we follow multifactor authentication for phone calls, using a tool that confirms the person calling in for “support” is a real employee at our client’s organization. Similarly, if you receive a call from Exigent, you can ask for the team member’s name, hang up, and either call our support hotline or enter a ticket to confirm that there is a real issue.
Don’t let your business fall victim to vishing scams. Equip your team with the knowledge and tools they need to stay safe. Download our comprehensive guide on how to prevent vishing attacks or get in touch with one of our team members about Vigilant Security Awareness Training today!
Daniel Haurey Jr. is the president and founder of managed IT services provider Exigent Technologies, which he founded in 1997. Under his leadership, the MSP has earned accolades ranging from Channel Futures MSP 501 to being named SonicWall’s 2024 MSP Growth Partner of the Year. Dan is a true entrepreneur, dedicated to growing, investing in, and mentoring small businesses. You can find him on LinkedIn, where he regularly posts about technology, business, leadership, and community.