-
May 19th, 2018, 10:39 PM
#1
Junior Member
Spear-Phishing Attack - most likely suspect? New VoIP phone system
Hi, I have two customers who recently installed new VoIP systems. Both are relatively small businesses (<50 FTE), and have an in-house "IT" employee who doubles as something else as well.
Both of these clients experienced spear-phishing attacks that were quite good.
One had invoices go to their clients asking for payments with all of their correct information. The only difference was the payment information which stated it should go to a new ACH account. Invoice looked EXACTLY like theirs, all names and addresses were correct.
The second was very similar, but the request was for credit card payments...
The common element here was the installation of the new VoIP systems by relatively small re-sellers. The on-site IT personnel gave the vendors access to their routers and firewall to create the VLAN tunnels for the voice data.
Has anyone else seen this? I asked both companies to open cases with local authorities to try and get a trace (both are relatively large transaction amounts). Both are reluctant to do so..
Also, the Hold Hostage (where the 3rd party vendor changes all their admin passwords after changing). I find this is a new form of "ransomware".
-
May 20th, 2018, 01:29 PM
#2
-
December 31st, 2023, 07:13 PM
#3
Junior Member
I'm aware that my answer is a bit late, but I just wanted to chime in. It's understandable that both companies might be hesitant to involve local authorities, especially if they're dealing with substantial transaction amounts. However, it's crucial to address these incidents seriously. A security audit could be a less invasive yet effective way to identify potential vulnerabilities in their systems.
-
December 31st, 2023, 09:30 PM
#4
Junior Member
Regarding the ""Hold Hostage"" situation, it does indeed resemble a form of ransomware, where third-party vendors gain control and then lock out the rightful administrators. This not only disrupts operations but can also have severe financial consequences.
During my research, I came across this interesting information about ring groups at https://www.mightycall.com/features/ring-groups/. Just wanted to share it with you; it might come in handy when managing your VoIP setup
In the ever-evolving world of cybersecurity, staying vigilant and continuously improving security measures is key.
Last edited by EliezerBlair; January 3rd, 2024 at 03:41 PM.
Similar Threads
-
By tonybradley in forum Phishing and Cyber Scams
Replies: 10
Last Post: February 17th, 2022, 08:33 PM
-
By sachin123 in forum Newbie Security Questions
Replies: 1
Last Post: February 5th, 2018, 04:46 PM
-
By Techrev in forum Security News
Replies: 3
Last Post: December 31st, 2017, 07:54 PM
-
By whatthe in forum Phishing and Cyber Scams
Replies: 1
Last Post: May 16th, 2005, 10:29 PM
-
By whatthe in forum Phishing and Cyber Scams
Replies: 4
Last Post: April 6th, 2005, 08:43 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|