[ALERT] CEO Fraud Escalates. Bad Guys Now Go After Employee Personal Address And Phone Number



HEADER-DSTKnowBe4 is observing a serious escalation of CEO Fraud. They are now requesting street addresses and personal phone numbers of employees—an attempt to contact and manipulate employees outside of normal organizational channels (and beyond the scope of whatever protections are in place within the organization's network).

That would indicate the bad guys are increasingly confident in their ability to use social engineering and work over targets in a much more up-close, personal fashion.

Here is an example of this new type of CEO Fraud:

From: CEO@redacted.com [mailto:CEO@@redacted.com]
Sent: Friday, 4:54:28 PM (UTC-05:00) Eastern Time (US & Canada)
To: Walker, Emily
Subject: Urgent Request

Emily

 

I need a list of every employee's address and personal number. I need them in PDF format and uploaded here for security purposes. Prepare the list and upload them for me asap.


Thanks

I suggest you send the following to your employees in accounting specifically. You're welcome to copy, paste, and/or edit:

The bad guys are getting creative with CEO Fraud scams, They are escalating their requests and now ask for physical address and phone numbers of employees. This allows them to talk directly to employees and try to manipulate them into doing something against their and the organization's best interest. Never comply with request like that and always confirm using a live phone call to make sure this is not a scam. Sometimes it's OK to say "no" to the boss!
Can Your Domain Be Spoofed? 
 
Did you know that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain? Now they can launch a "CEO fraud" spear phishing attack on your organization.
 
KnowBe4 can help you find out if this is the case with our free Domain Spoof Test

One email from us to you shows if your email server is configured correctly. To enter just go here fill out the form, it's quick, easy and often a shocking discovery. 

Let's stay safe out there.

Warm regards,

Stu Sjouwerman

Founder and CEO, KnowBe4, Inc

NewStu.png

 

Topics: CEO Fraud

Subscribe To Our Blog


BP future Direction of Security Awareness Training On-Demand Webinar

Recent Posts




Get the latest about social engineering

Subscribe to CyberheistNews