Cybercriminals Lean Heavily on Social Engineering Tactics to Gain Access to Bank Accounts

Stu Sjouwerman | May 7, 2020

A series of attack anecdotes shared by Brian Krebs shows how persistent and sophisticated scammers are in using social engineering tactics to gain access to their victims' bank account details.

It all starts with a bit of information about the next potential victim. Using credit card records offered for sale on the dark web, scammers already hold every detail they need: name, address, phone number, email address, full credit or debit card number, expiration date, and the card verification value (CVV) printed on the back of the card.

According to KrebsOnSecurity, one victim, Jim, was targeted by not one but several separate social engineering attacks that used both the phone and email as the initial contact. The attackers called Jim pretending to be the bank while simultaneously calling the bank pretending to be Jim, so that any passphrase or transaction detail Jim read out to "the bank" could be relayed to the real bank in real time. They also spoofed Jim's phone number when dialling the bank's automated customer service line, which evidently trusted the caller ID and read back his recent transactions; those details were then used to pass verification when they later called the bank impersonating Jim.
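The caller-ID step above is worth modelling, because it is a systems weakness rather than a user lapse. The following is an added example, not code from the KrebsOnSecurity write-up or from KnowBe4: a toy bank IVR that either trusts the caller ID (ANI) alone, which is the policy a spoofer exploits, or treats ANI as an untrusted hint and requires a PIN; plus one call-log heuristic a contact centre could run to surface the "ANI-only history lookup, then an agent call asking for a payment" sequence. Every customer record, phone number, PIN and log line is constructed for the example, and the `trust_ani` policy flag and the event schema are assumptions, not any bank's real interface.

```python
"""Toy model of the IVR step in a caller-ID spoofing attack (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional
import hashlib
import hmac

# --- Constructed customer data (all values fictional) -------------------------
SALT = b"example-salt"  # per-record salts in real life; one constant keeps the toy short

def _pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

CUSTOMERS = {
    "acct-001": {
        "name": "Jim",
        "phone": "+15550100",  # the number an attacker would spoof
        "pin_hash": _pin_hash("4812", SALT),
        "transactions": ["Grocery Mart $82.14", "Fuel Stop $45.00", "Wire to Acme LLC $1,200.00"],
    },
}

def _customer_by_phone(phone: str):
    for acct, rec in CUSTOMERS.items():
        if rec["phone"] == phone:
            return acct, rec
    return None, None

# --- Two IVR authentication policies -----------------------------------------
def ivr_recent_transactions(ani: str, pin: Optional[str], trust_ani: bool) -> Optional[List[str]]:
    """Return recent transactions for the caller, or None if not authenticated.

    `ani` is the caller-ID value delivered by the telco; it is attacker-controlled
    because caller ID can be spoofed. trust_ani=True is the weak policy: whoever
    presents Jim's number gets Jim's history. trust_ani=False uses ANI only to
    pick which record to test the PIN against, so a spoofed number alone yields
    nothing.
    """
    _, rec = _customer_by_phone(ani)
    if rec is None:
        return None
    if trust_ani:
        return list(rec["transactions"])
    if pin is None:
        return None
    if not hmac.compare_digest(_pin_hash(pin, SALT), rec["pin_hash"]):
        return None
    return list(rec["transactions"])

# --- Detection heuristic over constructed contact-centre logs ----------------
@dataclass
class CallEvent:
    when: datetime
    channel: str   # "ivr" or "agent"
    ani: str
    account: str
    action: str    # e.g. "history_lookup", "payment_request"
    auth: str      # how the caller was authenticated: "ani", "pin", "kba"

def flag_ivr_recon_then_transfer(events, window=timedelta(hours=2)) -> List[str]:
    """Accounts where an ANI-only IVR history lookup is followed within `window`
    by an agent call requesting a payment. A review-queue heuristic, not a block:
    a genuine customer who checks a balance and then phones in a transfer will
    also match."""
    by_acct = {}
    for ev in sorted(events, key=lambda e: e.when):
        by_acct.setdefault(ev.account, []).append(ev)
    flagged = set()
    for acct, evs in by_acct.items():
        for i, ev in enumerate(evs):
            if not (ev.channel == "ivr" and ev.action == "history_lookup" and ev.auth == "ani"):
                continue
            for later in evs[i + 1:]:
                if later.when - ev.when > window:
                    break
                if later.channel == "agent" and later.action == "payment_request":
                    flagged.add(acct)
                    break
    return sorted(flagged)

# Constructed log: a spoofed call to the IVR for acct-001, then an agent call;
# acct-002 is a customer who authenticated to the IVR with a PIN.
T0 = datetime(2020, 5, 1, 10, 0)
SAMPLE_EVENTS = [
    CallEvent(T0, "ivr", "+15550100", "acct-001", "history_lookup", "ani"),
    CallEvent(T0 + timedelta(minutes=25), "agent", "+15550100", "acct-001", "payment_request", "kba"),
    CallEvent(T0, "ivr", "+15550199", "acct-002", "history_lookup", "pin"),
    CallEvent(T0 + timedelta(minutes=10), "agent", "+15550199", "acct-002", "payment_request", "kba"),
]

if __name__ == "__main__":
    spoofed = "+15550100"
    print("weak IVR, spoofed ANI:", ivr_recent_transactions(spoofed, None, trust_ani=True))
    print("hardened IVR, spoofed ANI, no PIN:", ivr_recent_transactions(spoofed, None, trust_ani=False))
    print("hardened IVR, wrong PIN:", ivr_recent_transactions(spoofed, "0000", trust_ani=False))
    print("flagged accounts:", flag_ivr_recon_then_transfer(SAMPLE_EVENTS))
```

The point of the hardened path is that caller ID never counts as a factor; it only narrows the search. The detector is deliberately noisy, which is why it feeds a review queue rather than declining the payment outright.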

Attacks are no longer simple scripts with a single story arc. Today's social engineering scams plan for the "what ifs": the victim hanging up and calling the bank directly, hesitating to comply, or asking for verification. With a contingency prepared for each of these, it is easy to see why such attacks succeed.

What's needed is for the individual to treat any bank-initiated communication as potentially false: scrutinize the message, the contact details, and the action being requested, and verify by calling the bank back on the number printed on the card rather than one supplied in the call or email. This has material ramifications for those within an organization who are responsible for the company's finances. Putting users through Security Awareness Training is an effective way to heighten their sense of scrutiny when interacting with email, inbound phone calls, and the web.

The place to stop these attacks is before a link is clicked and before any security questions are answered – teaching users to remain vigilant is the key.
