A vishing (voice phishing) scam is targeting many individuals using security features to provide cyber-criminals with access to a customer’s account. Threat actors are spoofing phone numbers, masquerading as the potential victim’s bank, and claim that there are suspicious withdrawals on their account. After the customer verifies that the withdrawal is fraudulent, the threat actor asks for the banking customer’s member identification. This information is then used by the threat actor to generate a one-time verification code text message from the legitimate banking institute. The threat actor prompts the customer for this code and uses it to reset the victim’s password, granting them access to the account. The Cumberland County Department of Information Technology recommends individuals who receive similar calls to hang up and contact their bank via the contact information found on their banking website or the customer service number found on the back of their payment card to verify the call’s authenticity and report the fraud, if applicable. Users are urged to regularly monitor their banking statements for fraudulent activity. For further information, please review the CBS News article. |
Category: CyberSecurity Warnings
Cybersecurity Awareness Scam October 24, 2019
The National Cybersecurity Awareness Month October 2019 theme is “OWN IT. SECURE IT. PROTECT IT.” This theme emphasizes three roles each individual plays in online safety and enhancing cybersecurity at home and at work.
• “OWN IT: Understand Your Digital Profile.” Many individuals have several accounts on various social media platforms and use a variety of apps on their devices that can present opportunities for malicious actors to compromise sensitive personal information.
• “SECURE IT: Secure Your Digital Profile.” The web is a vast, information-dense space filled with digital footprints that make it easy for cybercriminals to obtain personal information about potential victims.
• “PROTECT IT: Maintain Your Digital Profile.” Understanding and modifying security settings, creating strong passwords, and implementing multi-factor authentication are effective ways to secure your online accounts and protect your data. All of these measures are a part of good cyber hygiene.
Cybersecurity is a shared responsibility. Cybercriminals do not discriminate and can target home users, small businesses, and large corporations at any time. Although National Cybersecurity Awareness Month is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity every October, it is important to be cyber smart and continue cybersecurity best practices all year.
We often see reports of vishing (or voice-based phishing) scams, a form of social engineering, conducted by impersonating trustworthy people or entities over the phone in an attempt to convince a target to divulge personal or financial information or take an action, such as allowing remote access to their device. These criminals will often conduct preliminary reconnaissance on their targets before attempting to make contact in order to craft the most believable scenario possible. They may impersonate an individual within an organization or an external entity, such as an internal help desk employee or external technical support specialist. Incoming calls may show up as unrecognized or spoofed phone numbers which appear as though they are coming from a known contact. We highly recommend users refrain from answering unexpected calls from unknown or suspicious numbers. If these calls are answered, do not respond to any requests for sensitive information and hang up immediately. If suspicious inquiries are made from representatives of a trustworthy entity, call them back using a known legitimate phone number to verify the authenticity of a request. We advise users to review the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) publication Tired of Receiving Scam Calls? Don’t Just Sit There. Do Something About It for additional information and tips about phone scams.
Have a Great Day!
Stan Field, CFE, CFCE
Department of Information Technology
Chief Information Security Officer
County of Cumberland
135 Sunny Slope Drive
Bridgeton, NJ 08332
Email: stanfi@co.cumberland.nj.us
856-453-2127 ext 12310
856-332-2254 (c)