Cybercriminals Lean Heavily on Social Engineering Tactics to Gain Access to Bank Accounts

A series of attack anecdotes shared by Brian Krebs shows how persistent and sophisticated scammers are in using social engineering tactics to gain access to their victims’ bank account details.

It all starts with a bit of information about the next potential victim. Using credit card records for sale on the dark web, scammers gather all the pertinent details they need: name, address, phone number, email address, and the full credit or debit card number, expiration date, and card verification value (CVV) printed on the back of the card.

According to KrebsOnSecurity, one victim called Jim was the target of not just one, but a few separate social engineering-based attacks using both the phone and email as initial communication mediums. These attackers used techniques such as calling Jim pretending to be the bank while simultaneously calling the bank pretending to be Jim (in an attempt to pass along passphrases and transaction details in real time), as well as spoofing Jim’s phone number in order to retrieve recent transactions from the bank’s automated customer service line to be used when calling the bank later impersonating Jim.

Attacks are no longer simple campaigns with a story arc; today’s social engineering scams take into account all of the “what ifs”: the victim attempting to call the bank themselves, being hesitant to comply, and more. With every contingency planned for, I can see why these kinds of attacks succeed.

What’s needed is for the individual to consider any bank-initiated communication as potentially false, scrutinizing the message, the contact details, and the next action to be taken. This issue has material ramifications for those individuals within the organization who are responsible for the company’s financials. Putting users through Security Awareness Training is an effective way to heighten their sense of scrutiny when interacting with email, inbound phone calls, and the web.

The place to stop these attacks is before a link is clicked and before any security questions are answered – teaching users to remain vigilant is the key.
