Have you experienced vishing? Voice phishing is a form of criminal phone fraud, using social engineering over the telephone to gain access to private personal and financial information for the purpose of financial reward.
Our team was on the phone with a system provider for Asfalis and the person on the other end of the phone was able to log into our system, risking the protection of our key information. So how did this happen to us … out of all people? The simple answer is, not paying attention.
- When we typed in the company name and the search engine came back with over 50 phone numbers – We dialed the 1st number we saw, without verifying.
- When we called, we never heard a professional recording from the company, someone picked up the phone and just said hello.
- As we sat on hold, the person on the other end sent a report saying the account was corrupted. Logically, that didn’t make any sense, as our team had not experienced any problems with the account.
As we began thinking about all of the ALARMS that were glaring from this situation, we hung up the phone and disconnected them from the computer.
If you every find yourself in a vishing situation, here are a few steps we followed to protect ourselves and Asfalis:
- Disconnected our computers from an internet connection
- Ran multiple malware scans
- Changed the passwords on our accounts immediately
- Don’t keep it a secret, it provides an opportunity to learn (we see this as a two-way street)
If you find yourself in a similar situation, contact Asfalis for guidance to better secure your assets.