Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Cybercriminals Lean Heavily on Social Engineering Tactics to Gain Access to Bank Accounts

    iStock-1133860023 (1)A series of attack anecdotes shared by Brian Krebs shows how persistent and sophisticated scammers are in using social engineering tactics to gain access to their victim’s bank account details.

    It all starts with a bit of information about their next potential victim; using credit card records for sale on the dark web, scammers use all the pertinent details necessary: name, address, phone number, email address and full credit or debit card number, expiration date, and card verification value (CVV) printed on the back of the card.

    According to KrebsOnSecurity, one victim called Jim was the target of not just one, but a few separate social engineering-based attacks using both the phone and email as initial communication mediums. These attackers used techniques such as calling Jim pretending to be the bank while simultaneously calling the bank pretending to be Jim (in an attempt to pass along passphrases and transaction details in real time), as well as spoofing Jim’s phone number in order to retrieve recent transactions from the bank’s automated customer service line to be used when calling the bank later impersonating Jim.

    Attacks are no longer simple campaigns with a story arc; today’s social engineering scams take into account all of the “what ifs” should their victim attempt to call the bank themselves, be hesitant to comply, and more. Having planned for every contingency, I can see why these kinds of attacks succeed.

    What’s needed is for the individual to consider any bank-initiated communication as potentially false, scrutinizing the message, the contact details, and the next action to be taken. This issue has material ramifications for those individuals within the organization that are responsible for the company’s financials. Putting users through Security Awareness Training is an effective way to heighten their sense of scrutiny when interacting with email, inbound phone calls, and the web.

    The place to stop these attacks is before a link is clicked and before any security questions are answered – teaching users to remain vigilant is the key.

     

    Return To KnowBe4 Security Blog

    The world's largest library of security awareness training content is now just a click away!

    In your fight against phishing and social engineering you can now deploy the best-in-class simulated phishing platform combined with the world's largest library of security awareness training content; including 1000+ interactive modules, videos, games, posters and newsletters.

    You can now get access to our new ModStore Preview Portal to see our full library of security awareness content; you can browse, search by title, category, language or content topics.

    ModStore01-1The ModStore Preview includes:

    • Interactive training modules
    • Videos
    • Trivia Games
    • Posters and Artwork
    • Newsletters and more!

    Start Your Preview

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/training-preview

    Topics: Social Engineering, Security Awareness Training, KnowBe4

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews