More than 130 organizations across the U.S. are having their employees subjected to a new ongoing social engineering scheme involving the impersonation of VPN providers via phone calls and SMS messaging to facilitate eventual credential theft and network compromise, SC Media reports.
Attacks commence with a phone call from a help desk member-spoofing actor claiming to address a VPN log-in issue, which would be followed by the delivery of an SMS link redirecting to fraudulent sites resembling those of VPN vendors Cisco and Palo Alto Networks, according to an analysis from GuidePoint Research and Intelligence Team researchers. Such sites, which have been registered by the attacker since late June, seek to obtain targets' credentials, which would be later leveraged for network compromise, said researchers, who noted that attackers' utilization of calls and SMS messaging make detection challenging.
"Training is no longer effective against these attacks alone. That's why it's imperative that organizations must employ AI-based anti-phishing in SMS and other messaging apps locally on the phone to pre-emptively thwart these attacks before they compromise employees," said SlashNext Email Security CEO Patrick Harr.
