Cybercriminals Lean Heavily on Social Engineering Tactics to Gain Access to Bank Accounts

Stu Sjouwerman | May 7, 2020

A series of attack anecdotes shared by Brian Krebs shows how persistent and sophisticated scammers are in using social engineering tactics to gain access to their victim’s bank account details.

It all starts with a bit of information about the next potential victim. Using credit card records bought on the dark web, scammers begin with all the pertinent details they need: name, address, phone number, email address, the full credit or debit card number, its expiration date, and the card verification value (CVV) printed on the back of the card.

According to KrebsOnSecurity, one victim called Jim was the target of not just one, but several separate social engineering attacks that used both the phone and email as the initial communication medium. The attackers called Jim pretending to be the bank while simultaneously calling the bank pretending to be Jim (relaying passphrases and transaction details between the two calls in real time), and they spoofed Jim’s phone number to pull his recent transactions from the bank’s automated customer service line, details they then used when calling the bank later to impersonate Jim.

Attacks are no longer simple campaigns with a single script; today’s social engineering scams account for all of the “what ifs”, such as the victim attempting to call the bank themselves or hesitating to comply. Because the attackers have planned for every contingency, I can see why these kinds of attacks succeed.

What’s needed is for the individual to treat any bank-initiated communication as potentially false, scrutinizing the message, the contact details, and the next action they are asked to take. This issue has material ramifications for those individuals within the organization who are responsible for the company’s financials. Putting users through Security Awareness Training is an effective way to heighten their sense of scrutiny when interacting with email, inbound phone calls, and the web.

The place to stop these attacks is before a link is clicked and before any security questions are answered – teaching users to remain vigilant is the key.