Telephone scam – Vishing threatens teleworkers

[German]Security researchers at Check Point have observed hackers using social engineering primarily to defraud home office employees. The targets are personal information, funds and the introduction of malware into a corporate network.


In times of the coronavirus pandemic, employees switch to the home office to work if possible. This offers cyber criminals a new attack vector to attack the home workers themselves, but also their employers.

What is Vishing?

Vishing is a variant of phishing, whereby the voice – V for the English term 'voice' – is in the foreground. Fraudsters call employees and impersonate a specific employee in order to gain access to certain parts of the network, information or skills, such as the company's money transfer – the classic con. At the same time, however, they are also satisfied with directly robbing the target, here the employee in the home office, instead of the company.

Vishing attacks detected

The attacks now discovered by Check Point are particularly sophisticated: Hackers use LinkedIn to find out which employee has access to what via information stored there and thus represents the most lucrative target. In addition, the security researchers have discovered that criminals in English-speaking countries are already recruiting fraudsters who speak English flawlessly and read from a cleanly written piece of paper when they make their phone call.

In addition, cyber criminals are constantly changing the telephone numbers from which the fraudulent callers are made in order to avoid ending up on a blacklist. Vishing attacks are often accompanied by the claim that an executive is calling. Often the calls claim that the executive is from the finance, legal or human resources department. Here are a few more attack methods as graphics:

Vishing attacks


Vishing attacks

Vishing attacks

Home office employees are very popular targets because these teleworkers are alone at home and of course are less able to check whether their supervisor is really talking on the phone.

CISA also warned in August 2020

Check Point's observations on vishing corroborate the warnings of vishing issued in August by the Cyber Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) – both based in the USA. Both drew attention to targeted attacks against U.S. companies and also emphasized that teleworkers were the main target of the calls. 

Vishing: New risk for teleworkers

Commenting on the campaigns, Lotem Finkelsteen, Manager of Threat Intelligence at Check Point Software Technologies, said:

Vishing is one of the most dangerous threats facing teleworkers today and fraud is rarely detected. We've seen an increasing number of multi-layered cyber attacks that use vishing as part of their infection chains. For one thing, vishing helps hackers to learn more about their targets in advance. On the other hand, it deepens the more familiar phishing, as, for example, the combination of a call and an SMS message supports the con. Vishing is also becoming the core of larger attacks, where victims are tricked into revealing 2FA codes via SMS or giving access to specific systems – as happened in the big Twitter hack earlier this year.

While it all refers to the U.S. and people who use LinkedIn to reveal too much personal information about themselves and their workplace/employer, I can also imagine such attacks in other countries of the world. A practical example of what Check Point was confronted with can be read in this article.

Check Point Research provides cyber threat information for Check Point Software customers and the intelligence community. The research team collects and analyzes global cyber attack data stored in the ThreatCloud to help keep hackers out while ensuring that all Check Point products are updated with the latest protection. The research team consists of over 100 analysts and researchers who work with other security vendors, law enforcement and various CERTs.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *