Cyber criminals have changed techniques and tactics when compromising employee accounts or credentials. Cyber criminals are trying to obtain all employees’ credentials, not just individuals who would likely have more access based on their corporate position. According to FBI case information, as of December 2019, cyber criminals collaborated to target both US-based and international-based employees’ at large companies using social engineering techniques. The cyber criminals vished these employees through the use of VoIP platforms. Vishing attacks are voice phishing, which occurs during a phone call to users of VoIP platforms. During the phone calls, employees were tricked into logging into a phishing webpage in order to capture the employee’s username and password. After gaining access to the network, many cyber criminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network often causing significant financial damage.
