Hackers Impersonate IT Staff To Gain Network Access

We have alerted our readers to many of the approach vectors that cyber-criminals use to gain network access: phishing and spearphishing, drive-by downloads from compromised websites, remote access Trojan horse software, and the like.  Sometimes the easiest way to get the network credentials you need is simply to ask for them.  One method that has been increasing is impersonating IT staff, either by email or directly via a phone call.  We are seeing this happen not just in large enterprise environments, but also in small businesses and even with individuals.  Sometimes the call is supposed to be from the Internet Service Provider (“I’m calling from Comcast”), or the caller will represent themselves as working for Microsoft or a “Microsoft Partner.”

After a short story designed to give a plausible reason for the call (“we’ve detected some suspicious traffic”) and some other simple requests designed to create fear and to build trust in the solution being proposed by the “support technician,” they will usually ask for your network credentials (your user name and password) or, better yet from their point of view, your help in establishing a remote control session.  They may use legitimate tools such as TeamViewer, LogMeIn, or GoToMyPC, but once they have access they can do pretty much anything, and they may install remote access tools they can use to get back in later without your knowledge.  Or they may install a keylogger so they can gather your credentials and other information about the web sites and applications you use and the network drives you access.

A legitimate IT professional should not be asking you to provide your user name or password.  In any event, you should never provide it.  In larger organizations I have worked at as a support tech, we had methods in place by which employees could verify our calls.  This is not a bad idea for smaller organizations that have contracted with an independent tech support company either: agree in advance on how a real support call will be identified, and treat anything that does not follow that procedure as suspect.

When in doubt, challenge the caller.  Caller ID can be spoofed, so if the number seems wrong, or even if it seems right, hang up and call back using a number you already have from your bill, your contract, or your company directory, not the number the caller gives you.  If the caller ID shows a call center number, calling it back generally will not get you to the person who called.  If they claim to be from Comcast or Microsoft or your employer’s company, have them send you an email proving it.  The sender’s email address should be on the company’s email domain; look at the actual address, not just the display name, and be wary of look-alike domains that merely contain the company name.  If their story changes, be wary.  Sometimes the best idea is just to hang up.  In any event, developing a healthy suspicion is ultimately going to help you protect yourself from these sorts of exploits.
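The “is the sender really on the company’s domain” check above is easy to get wrong by eye, because the display name of a From: header can be anything at all.  The following Python script is an added example, not code from the original post: it pulls the real address out of the From: header, compares its domain to the one the caller claimed, and also looks for a DKIM pass for that domain in the Authentication-Results header that your own mail server adds on receipt.  The four sample messages, the claimed domain (comcast.com) and the mail-server name mx.example.net are constructed for illustration.

```python
"""Check whether a 'proof' email really comes from the domain a caller claimed.

Added example, not part of the original post.  All sample messages below
are constructed; comcast.com is used only because the post mentions it.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Matches the dkim=pass clause of an Authentication-Results header and
# captures the signing domain (header.d=...).  Only trust this header when
# it was added by YOUR receiving mail server; a sender can forge one too.
DKIM_PASS = re.compile(r"dkim=pass\b[^;]*?header\.d=([A-Za-z0-9.-]+)", re.IGNORECASE)


def from_domain(raw_message: str) -> str:
    """Domain of the actual address in From:, ignoring the display name."""
    msg = message_from_string(raw_message)
    _display_name, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def domain_matches(domain: str, expected: str) -> bool:
    """True for the domain itself or a subdomain; look-alikes such as
    comcast.com.verify-account.example do NOT match."""
    expected = expected.lower()
    return domain == expected or domain.endswith("." + expected)


def dkim_pass_domain(raw_message: str):
    """Signing domain of a passing DKIM signature, or None if there is none."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        match = DKIM_PASS.search(value)
        if match:
            return match.group(1).lower()
    return None


def verify_sender(raw_message: str, expected_domain: str) -> dict:
    """Combine both checks: the From: address must be on the claimed domain
    AND a DKIM signature for that domain must have verified on receipt."""
    fd = from_domain(raw_message)
    dk = dkim_pass_domain(raw_message)
    from_ok = domain_matches(fd, expected_domain)
    dkim_ok = dk is not None and domain_matches(dk, expected_domain)
    return {"from_domain": fd, "dkim_domain": dk, "trusted": from_ok and dkim_ok}


# --- constructed sample messages ------------------------------------------
LEGIT = (
    "From: Comcast Support <support@comcast.com>\n"
    "Authentication-Results: mx.example.net; dkim=pass header.d=comcast.com; spf=pass smtp.mailfrom=comcast.com\n"
    "Subject: Ticket 1234\n\nThis confirms our call.\n"
)
# The display name is an email address; the real sender is somewhere else.
DISPLAY_NAME_SPOOF = (
    'From: "support@comcast.com" <helpdesk@mail-secure-login.example>\n'
    "Subject: Ticket 1234\n\nThis confirms our call.\n"
)
# Look-alike domain that merely starts with the real one.
LOOKALIKE = (
    "From: Comcast Support <support@comcast.com.verify-account.example>\n"
    "Subject: Ticket 1234\n\nThis confirms our call.\n"
)
# From: is forged to the real domain, but the signature did not verify.
DKIM_FAIL = (
    "From: Comcast Support <support@comcast.com>\n"
    "Authentication-Results: mx.example.net; dkim=fail header.d=comcast.com; spf=softfail smtp.mailfrom=comcast.com\n"
    "Subject: Ticket 1234\n\nThis confirms our call.\n"
)

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("display-name spoof", DISPLAY_NAME_SPOOF),
                       ("look-alike", LOOKALIKE), ("dkim fail", DKIM_FAIL)]:
        print(f"{label:20s} -> {verify_sender(raw, 'comcast.com')}")
```

Only the first message is trusted; the other three each defeat a glance at the inbox but not the check.  In practice you would run this against the raw message source (“show original” in most mail clients), and you should only rely on Authentication-Results lines that your own mail server added, since anything older in the header chain could have been written by the sender.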

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
