Hackers use "voice phishing" attack to steal Cisco customer personal info

News
By published

Data on an undisclosed number of customers grabbed in attack

Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
(Image credit: Shutterstock)
  • A scammer tricked a Cisco employee into granting access to a CRM
  • The attacker then used the access to exfiltrate sensitive data
  • Affected customers were notified "where required by law"

Cisco has admitted recently suffering a cyberattack which saw it lose a whole lot of customer data, including personally identifiable information (PII).

In a short announcement published on its website, the company revealed a threat actor used voice phishing (vishing) to trick a Cisco representative and gain access to an instance of a third-party cloud-based Customer Relationship Management (CRM) system it uses.

Following the intrusion, Cisco launched an investigation, which determined sensitive customer data was extracted.

Passwords are safe

“Our investigation has determined that the exported data primarily consisted of basic account profile information of individuals who registered for a user account on Cisco.com (name, organization name, address, Cisco assigned user ID, email address, phone number, and account-related metadata – such as creation date),” Cisco said.

“The actor did not obtain any of our organizational customers’ confidential or proprietary information, or any passwords or other types of sensitive information. Cisco did not identify any impact to our products or services, and no other Cisco CRM instances were affected.”

Cisco said that affected users were notified “where required by law”, but did not mention if the data was being used in the wild. Crooks can either sell it on the dark web, try to extort Cisco, or use it to target the company’s customers with custom-built, convincing phishing attacks.

Vishing is a form of phishing done over the phone, and usually revolves around the criminal convincing the victim they’re someone they’re not (an IT technician, a bank employee, or a government agent).

Knowing that the individuals are, or were, Cisco customers, threat actors can spoof the company and send emails that trick the victims into making payments, sharing login credentials, or downloading malware.

Cisco users should be wary of any incoming emails, especially those claiming to come from the company and carrying a sense of urgency with them.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.