KnowBe4 is observing a serious escalation of CEO Fraud. They are now requesting street addresses and personal phone numbers of employees—an attempt to contact and manipulate employees outside of normal organizational channels (and beyond the scope of whatever protections are in place within the organization's network).
That would indicate the bad guys are increasingly confident in their ability to use social engineering and work over targets in a much more up-close, personal fashion.
Here is an example of this new type of CEO Fraud:
From: CEO@redacted.com [mailto:CEO@@redacted.com]
Sent: Friday, 4:54:28 PM (UTC-05:00) Eastern Time (US & Canada)
To: Walker, Emily
Subject: Urgent Request
Emily
I need a list of every employee's address and personal number. I need them in PDF format and uploaded here for security purposes. Prepare the list and upload them for me asap.
Thanks
I suggest you send the following to your employees in accounting specifically. You're welcome to copy, paste, and/or edit:
The bad guys are getting creative with CEO Fraud scams, They are escalating their requests and now ask for physical address and phone numbers of employees. This allows them to talk directly to employees and try to manipulate them into doing something against their and the organization's best interest. Never comply with request like that and always confirm using a live phone call to make sure this is not a scam. Sometimes it's OK to say "no" to the boss!
One email from us to you shows if your email server is configured correctly. To enter just go here fill out the form, it's quick, easy and often a shocking discovery.
Let's stay safe out there.
Warm regards,
Stu Sjouwerman
Founder and CEO, KnowBe4, Inc