Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Extradited Member of a U.K. Scammer Highlights How His Gang Took Banks for $2 Million

    cyber attack impersonationDetails on how this global gang of cybercriminals used spoofing and impersonation methods to social engineer banks time and time again shows how effective these tactics are.

    An indictment recently filed in U.S. District Court extraditing U.K. citizen Habeeb Audu provides some valuable insight into how stolen personal data is used by a second group of cybercriminals. I talk a lot about how the bad guys like to steal your customer and employee personal data, but rarely does the story go beyond “and they could potentially sell the data on the Dark Web”, etc. But in this case, the story picks up where many of my articles have left off.

    According to the indictment, Audu was part of a gang of cybercriminals targeting the personal and small business accounts serviced by banks in the US, Canada, the UK, Italy, and UAE. In each attack, they used personal details of bank customers – this means they used a stolen database of personal information that contained details like date of birth, address, full name, bank they use, and probably account numbers. This information was used along with fake email accounts, a caller ID spoofing service and even voice-altering software to communicate with bank employees in an attempt to gain access to the real bank customer’s accounts.

    Over a period of 6 years (from 2013 to 2019), over $2 million was stolen by this cybercriminal group. One of the members is already locked up on another charge, Audu is currently being extradited to face charges, and one member is still at large.

    This kind of story paints the picture of how one cyber criminal gang will focus purely on the business of breaking in and stealing personal data, while another is really good at taking that data and monetizing it via a scam like the one outlined above.

    A data breach can materially impact the individual whose details are stolen. So, it’s up to organizations to put security measures in place – that include Security Awareness Training – to protect their customers, their reputation, and in many cases, their compliance with government regulations.

     

    Return To KnowBe4 Security Blog

    Can hackers spoof an email address of your own domain?

    DSTAre you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby.

    Now they can launch a "CEO fraud" spear phishing attack on your organization, and that type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.

    Find out now if your domain can be spoofed. The Domain Spoof Test (DST) is a one-time free service. Run this test so you can address any mail server configuration issues that are found.

    Try To Spoof Me!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/domain-spoof-test/

    Topics: Social Engineering

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews