Beware of Fake IT Calls Trying to Steal Your Password

A very recent report from The Register highlights a cybercrime group called “Pink” that uses voice phishing (vishing) and fake IT helpdesk calls to trick employees into revealing their login credentials or approving multi-factor authentication (MFA) requests.

Once the attackers are able to login to the target’s corporate systems such as SharePoint, OneDrive and Teams, they will then steal sensitive data as the means to extort the companies, often by threatening to leak the information unless a ransom is paid.

These tactics are actually not new — they are just the latest version of methods that have been used by other hacker groups like Lapsus$ and Scattered Spider. This shows that social engineering via phone calls remains one of the most effective ways attackers bypass security controls, even in large organizations.

Here are some tips to stay safe from these social engineering tricks:

How to Spot Phishing & Vishing Scams

Look out for these tell-tale signs that the call may be fake:

  • Be cautious of unexpected calls
  • Callers claiming to be IT support, vendors, or colleagues asking for urgent access or password resets
  • Pressure tactics like “your account will be locked” or “urgent MFA update required”
  • Requests to approve login prompts you didn’t initiate

Always verify the caller or sender through official channels, such as calling your IT helpdesk back using their official telephone numbers.

Watch out for suspicious emails (Phishing)

Look out for these indicators that the email is not legitimate:

  • Generic greetings like “Dear user”
  • Language that is urgent or threatening (e.g., “your account is going to be terminated immediately”)
  • Unexpected attachments or login links

It is always a good habit to always check the link before you click or tap on it — hover over the link before clicking and don’t click/tap on it if the URL looks unusual or suspicious.

Carefully check website URLs before you click/tap on them

In addition, look out for the following in the links:

  • Slightly altered domains (e.g., “micros0ft.com” is fake whereas the real one is “microsoft.com”)
  • Extra words like “secure-login” or “verify-now” in the URL
  • “https://” is missing at the beginning of the URL

If you do want to follow a link, a good practice will be to always type the URLs manually for important services. Alternatively, bookmark trusted websites and use those bookmarks. And before you enter your password or other personal information, double-check the domain name of the website to make sure it is legit.

Never share your password or MFA codes

Legitimate IT teams will never ask for your password. But if they do need your password to troubleshoot a problem you are having, make sure you are talking to the IT team in person and they are people you really trust are official IT team members.

As for MFA or 2FA requests (such as a specially generated number that you need to login to a system), they should only be approved when you personally initiating the login. If someone asks you for the security PIN or code for a system, it is best to stop and not proceed.

In fact, you should treat any and all request for login details, such as your login ID and password, as very suspicious.

Look out for social engineering tactics

Such tactics include:

  • Attackers who try to sound convincing and knowledgeable
  • They may talk about the internal tools you use (such as Teams, SharePoint, etc) to gain your trust
  • They may often try to create panic or urgency to get you to bypass your own judgment

It is always crucial to slow down, think critically and verify before taking any action that may compromise your credentials or personal information.

Cybercriminals are not only using technical exploits but are also increasingly relying on human manipulation and social engineering tricks. So, it is no surprise that they are starting to impersonate IT helpdesk calls as a common entry point to steal our data and money.

Thus, make sure that you always:

  • Verify requests for credentials & personal information independently
  • Keep your passwords and MFA approvals secret and safe
  • Check URLs carefully before logging in

Leave a Reply

Your email address will not be published. Required fields are marked *

15 + five =