Voice Phishing Used in Ransomware Attacks

Phishing is no longer a scam that is limited to emails and texts—recently, “voice phishing,” or “vishing,” was used in a major ransomware attack on MGM Resorts. Using information from LinkedIn, an attacker posed as an employee and called MGM’s help desk asking for a password change, after which he was able to install ransomware. MGM is up to $52 million in lost revenue, and counting.

A rise in such attacks means that requests made over the phone will begin to require much more verification. For example, calling for a manual password reset may necessitate a video call, during which you show your driver’s license.

Additionally, if you receive a call at work from an unknown person who is asking you to do anything involving money or account credentials, you should immediately end the call. Then, verify the person’s identity and authorization and only proceed if the person checks out.