720-891-1663
Everyone has been dealing with phishing emails for years and, for many companies, it is somewhat old hat. That doesn’t mean that they have phishing handled, but at least, for many companies, they understand what they are up against and have a strategy to try and mitigate it.
So the hackers move on.
To voice phishing or vishing.
Let’s ask GoDaddy about vishing.
Around November 13th hackers called GoDaddy’s customer service line and convinced the agent to transfer control of one of Liquid’s domains to the hacker, allowing the hacker to change DNS records and ultimately get control of a number of email accounts according to the cryptocurrency trading platform’s CEO. Their CEO says that their customer’s cryptocurrency is safe.
In April of this year GoDaddy admitted that 28,000 of its customers’ accounts were compromised due to a security incident that happened 6 months earlier.
In March hackers used a voice phishing attack against GoDaddy to transfer ownership of at least a half dozen domains to the hackers, including the escrow firm escrow.com
On November 18th, cryptocurrency mining service NiceHash discovered that some of the settings of its domain registration services at GoDaddy had been changed, causing them to institute a lockdown until they could figure out what was going on (hint: voice phishing).
GoDaddy did admit that a limited number of GoDaddy employees fell for a social engineering scam.
You get the point. For more details read Brian Krebs’ column here.
This is just the tip of the iceberg.
What hackers have figured out is that people are much easier to hack than systems.
This means that if you operate a customer service team, you are at risk and the risk is rising. Quickly. Especially if you control something the hackers might want like money or control of domains or information or a lot of other things.
So, while many companies do phishing training (DO YOU?), way fewer do vishing training and I suggest you should change that now.
Before you wind up in the press and not for a good reason.
It is bad enough that the FBI issued an alert on the subject recently.
Sorry.
Have a great and safe Thanksgiving (or did have if you read this afterward).