The FBI recently issued a warning about the growing use of vishing as a new tactic that cybercriminals are using to exploit network access and privilege escalation. The rise of vishing comes in part due to COVID-19 and the need of many businesses to adapt their IT environments to comply with social distancing orders and remote workers. For many, these technical alterations have made it difficult to keep track of who has access to different points on a business network and what type of access people have to different information assets.
What is Vishing?
Vishing is voice phishing. Most vishing scams run a common course of actions:
- The cybercriminal compiles a profile of an employee – often by gathering easily accessible information like the kind of information available on social media.
- The cybercriminal contacts the individual on his or her personal cell or office phone and spoofs the caller ID so that the call appears to be coming from a trusted resource like an IT professional, a help desk employee, or a trusted organization like Microsoft.
- Then the cybercriminal either asks the employee to allow them to take control of their PC remotely or for the employee to log into a fake webpage that looks like a trusted company webpage.
- Now the cybercriminal has a set of credentials that they can use to mine the company’s databases, records and files. The cybercriminal can then use this data access to leverage against the company for ransom.
How to Avoid Getting Vished
It’s important to understand that nothing is fool proof. There is no magic pill that will make your dealership immune to a cybersecurity breach. However, the best, most effective way to minimize the impact of a cyberattack is to have the appropriate people, processes, and technology in place to swiftly identify and stop a cyberattack in the works.
Below are a few best practices that can help mitigate the risk of a vishing attack:
- Education – Most breaches start with a phishing/vishing attack. Ongoing cybersecurity training with a tool like KnowBe4 will greatly reduce your risk of a breach.
- User Access Restrictions – Ensure that only employees who need administrative rights have it and that only authorized users and devices have access to dealership systems.
- Continuously Monitor for Unusual Activity – The use of Security Information Event Management (SIEM) technology can continuously look at access logs from a variety of dealership technologies to identify a suspicious event or a combination of events that are indicative of an attack in progress. With this information – and the right people monitoring this information – an attack in the making can be stopped in its tracks.