A customer just called me. He found a new strain of attack that's the next scary thing your organization may become the target of.
He's been using our platform for 6 years, first at a bank where he selected our platform and deployed it, and in his second job, they already used KnowBe4 to create their human firewall so he got off to a running start.
The issue he warned me about today is the following. There is a new hybrid attack that starts with a Banking Trojan which gets on the machine by using social engineering to get in, suspected to be email.
Once the Trojan kicks in, it looks in real time for the word "bank" in the browser and if it sees the end user go to their bank, they redirect the user to a malicious site that looks like that bank and steals their credentials. Up to now this is nothing new.
However, here is the wrinkle...
The Trojan starts to slow down the browser, and simulates "technical problems" with the site for a few minutes. Then it comes up with another popup which asks for their name and phone number so that "support can call them back".
Next, the end-user gets a phone call from a live bad guy, claiming to be the support team of the bank, who then starts to social engineer the customer real-time and tries to manipulate the end user into divulging more detail so that the bad guy can make an immediate transfer out of the account.
This is the first time that we hear about this nasty variant on the tech support scam, but now looks like it's tailor-made for a certain bank. You can count on this tactic being used soon for credit unions as well. Not good. Be warned!
Let's stay safe out there.
Founder and CEO,