top of page
Writer's pictureMac McAhren

Stay Alert! Voice Phishing Used in Recent Ransomware Attacks



The recent ransomware attack on MGM Resorts International has brought to light a new form of cyber threat known as “voice phishing” or “vishing”. This method involves an attacker impersonating an employee or a trusted individual, often using information gathered from platforms like LinkedIn, to trick the victim into revealing sensitive information, such as passwords.


In the case of MGM Resorts, the attacker posed as an employee and requested a password change from the help desk. Once the password was changed, the attacker was able to install ransomware, leading to significant losses for the company. As of now, MGM’s lost revenues amount to $52 million and counting.


Threat Detected Image

This incident underscores two important points:

  1. Increased Verification: If you call support for a manual password reset, be prepared for rigorous verification processes. This could include a video call where you may be asked to show your driver’s license. This is a necessary step to ensure that the person requesting the password change is indeed who they claim to be.

  2. Identity Verification: If you receive a call at work from an unknown person asking you to do anything involving money or account credentials, it’s crucial to verify their identity and authorization before proceeding. If their identity cannot be confirmed, it’s safer to hang up and report the incident to your organization’s security team.

In conclusion, as cyber threats continue to evolve, it’s essential for individuals and organizations alike to stay alert and take proactive measures to protect their digital assets. This includes being aware of new phishing techniques like vishing and implementing robust verification processes.


(Images by iStock.com/1550539 and HT Ganzo)

Bình luận


MAC'S TECH NOTES

Mac's notes from the tech bench. Everything Macintosh and then some!
bottom of page