Scarinci Hollenbeck, LLC
The Firm
201-896-4100 info@sh-law.comFirm Insights
Author: Scarinci Hollenbeck, LLC
Date: September 10, 2020
The Firm
201-896-4100 info@sh-law.comHackers continue to target teleworking employees, trying to capitalize on cyber weaknesses that may arise from companies having a large and relatively untested remote workforce. According to the Federal Bureau of Investigation (FBI) and U.S. Cybersecurity and Infrastructure Security Agency (CISA), the latest COVID-19-related cyber threat comes from voice phishing or “vishing” attacks.

According to the FBI/CISA Alert, hackers, who have been perpetrating the schemes since July, have registered domains and created phishing pages duplicating a company’s internal VPN login page, also capturing two-factor authentication (2FA) or one-time passwords (OTP). They have also obtained certificates for the domains they registered and used a variety of domain naming schemes, including Secure Sockets Layer (SSL).
To help carry out the attacks, cybercriminals have then compiled dossiers on the employees at the specific companies using mass scraping of public profiles on social media platforms, recruiter and marketing tools, publicly available background check services, and open-source research. The information collected about the employees includes: name, home address, personal cell/phone number, position at company, and duration at company.
According to the FBI, the first iteration of the cyber scheme involved using Voice Over Internet Protocol (VoIP) numbers to call employees on their personal cellphones. Cybercriminal then started incorporating spoofed numbers of other offices and employees in the victim company. The actors used social engineering techniques and, in some cases, posed as members of the victim company’s IT help desk, using their knowledge of the employee’s personally identifiable information—including name, position, duration at company, and home address—to gain the trust of the targeted employee. The targeted employee is then told that a new VPN link would be sent and required their login, including any 2FA or OTP. The cybercriminals then logged the information provided by the employee and used it in real-time to gain access to corporate tools using the employee’s account.
The FBI identifies several steps that businesses can take to avoid falling victim to a vishing attack. They include:
Employees can also play a significant role in thwarting vishing attacks. The FBI recommends that employees:
As we have discussed in prior articles, employees are often a company’s largest cyber risk. With an increasing number of employees now working from home, the threat is even greater. We encourage businesses to thoroughly review their policies and procedures to determine what changes may be needed to strengthen your defenses in light of the influx of cyberattacks targeting remote workers.
If you have any questions or if you would like to discuss the matter further, please contact me, Maryam Meseha, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.

Every lawsuit comes with a cost, and knowing when to settle a lawsuit is one of the most consequential decisions a business owner will face. Experienced litigators understand how to minimize cost and obtain certainty for their clients. For many business owners, the decision is viewed almost entirely through a financial lens: What will it cost […]
Author: Sean M. Pena

Few situations create more uncertainty than learning that an employee has filed a whistleblower complaint. Questions arise immediately: Is the allegation legitimate? Should the employee be placed on leave? Do we need to notify our insurance carrier? Are we now prevented from disciplining the employee if there are unrelated ongoing work related issues? There is […]
Author: Sean M. Pena

When a business reaches the point where it can no longer service its debts or otherwise resolve its liabilities, management is often faced with a difficult question: is a bankruptcy filing necessary or is there another way to perform an orderly liquidation or sale of the business assets? While Chapters 7 and 11 of the […]
Author: John D. Giampolo

For many years, the New Jersey Mansion Tax has been a significant consideration in high-value real estate transactions. Recent legislative changes, however, have substantially altered how the tax operates, including who is responsible for paying it and the amount owed in certain transactions. Whether you are purchasing, selling, or investing in New Jersey real estate, […]
Author: George McGowan

As our personal and financial lives increasingly move online, estate planning must evolve to address a new category of property: digital assets. From email accounts and social media profiles to cryptocurrency and cloud-stored business records, these assets often carry both financial and sentimental value. Yet, without proper planning, they can become inaccessible—or even lost—upon incapacity […]
Author: Marc J. Comer

In today’s mergers and acquisitions market, representation and warranty (R&W) insurance has become a common feature of deal negotiations. Once used primarily in larger transactions, R&W insurance is now frequently incorporated into middle-market deals as buyers and sellers look for efficient ways to allocate risk and close deals. When structured properly, R&W insurance can help […]
Author: George McGowan
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!