Extradited Member of a U.K. Scammer Highlights How His Gang Took Banks for $2 Million



cyber attack impersonationDetails on how this global gang of cybercriminals used spoofing and impersonation methods to social engineer banks time and time again shows how effective these tactics are.

An indictment recently filed in U.S. District Court extraditing U.K. citizen Habeeb Audu provides some valuable insight into how stolen personal data is used by a second group of cybercriminals. I talk a lot about how the bad guys like to steal your customer and employee personal data, but rarely does the story go beyond “and they could potentially sell the data on the Dark Web”, etc. But in this case, the story picks up where many of my articles have left off.

According to the indictment, Audu was part of a gang of cybercriminals targeting the personal and small business accounts serviced by banks in the US, Canada, the UK, Italy, and UAE. In each attack, they used personal details of bank customers – this means they used a stolen database of personal information that contained details like date of birth, address, full name, bank they use, and probably account numbers. This information was used along with fake email accounts, a caller ID spoofing service and even voice-altering software to communicate with bank employees in an attempt to gain access to the real bank customer’s accounts.

Over a period of 6 years (from 2013 to 2019), over $2 million was stolen by this cybercriminal group. One of the members is already locked up on another charge, Audu is currently being extradited to face charges, and one member is still at large.

This kind of story paints the picture of how one cyber criminal gang will focus purely on the business of breaking in and stealing personal data, while another is really good at taking that data and monetizing it via a scam like the one outlined above.

A data breach can materially impact the individual whose details are stolen. So, it’s up to organizations to put security measures in place – that include Security Awareness Training – to protect their customers, their reputation, and in many cases, their compliance with government regulations.


Can hackers spoof an email address of your own domain?

DSTAre you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby.

Now they can launch a "CEO fraud" spear phishing attack on your organization, and that type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.

Find out now if your domain can be spoofed. The Domain Spoof Test (DST) is a one-time free service. Run this test so you can address any mail server configuration issues that are found.

Try To Spoof Me!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/domain-spoof-test/

Subscribe To Our Blog


Free Cybersecurity Awareness Month Resource Kit




Get the latest about social engineering

Subscribe to CyberheistNews