
Phishing and Vishing Protection for Remote Workers

October 14, 2020
  • Increased use of personal computers and phones to conduct our work remotely
  • Increase in phishing emails targeting remote workers
  • Increase in vishing calls to our personal phones targeting remote workers
  • Start with awareness. Educating your employees on why phishing/vishing is harmful and empowering them to detect and report phishing attempts is a key element of protection. For more information, please visit Rapid7’s Phishing Awareness Training.
  • Teach them phishing prevention/verification tips. Phishing tips have been pretty standard and include looking for suspicious file attachments and malicious website URLs, promoting good credential behavior, and keeping systems patched for the latest vulnerabilities. For more information, please visit Rapid7’s Phishing Attacks: A Deep Dive with Prevention Tips.
  • Teach them vishing prevention/verification tips. Vishing tips aren’t as well known, but include basic common-sense approaches, including:
    • Asking for their name to look up in the company directory
    • Asking for internal company information to verify their knowledge
    • Asking for a callback number to verify where they are calling from
    • Asking for their supervisor’s name to look up in the company directory
    • Avoiding emotions, especially if the caller is using an incident to collect information
  • Practice, practice, practice. Companies need to regularly (every 3 months is a good cadence) phish/vish their employees to give them practice at recognizing AND reporting these attacks. For more information, please visit Rapid7’s Tips for a Successful Phishing Engagement.