Free Unsolicited Smartwatch in the Mail and I’m in the Military? What Could Possibly Go Wrong???

Stu Sjouwerman | Jul 7, 2023

Smart-Watch-Cybersecurity-ScamFrom the “shaking our heads” files comes the story of how threat actors compromised military personnel mobile devices, credentials, accounts and more.

You’d think that if you received a smartwatch in the mail, you’d immediately throw it out. Apparently, according to a new press release from the U.S. Army’s Department of Army Criminal Investigation, quite a few service members fell for this social engineering tactic.

These smartwatches connect to WiFi, as well as the service members mobile phone where it potentially has unrestricted access to saved data that includes usernames and passwords, contacts and banking information.

The press release also warns of the possibility that both video and voice, when activated on the mobile device may be accessible to the smartwatch, potentially compromising any details shared on phone calls, within texts, etc.

This feels like the ultimate “are you kidding me??!???!” story where I simply can’t believe that anyone fell for this… and yet, enough did that a press release needed to be put out.

The general rule for any kind of attack that uses social engineering – regardless of communication medium, message, branding, etc. – is very simple: if you aren’t expecting it and it sounds too good to be true, it most definitely is NOT true and should be considered malicious in intent – something taught employees within continual new school security awareness training.

Build Your Custom Security Awareness Program in 5 Minutes

Many IT and security professionals struggle to build a security culture program that actually changes behavior. Answer seven quick questions about your organization’s goals, compliance needs, and culture to automatically generate a customized roadmap based on industry best practices, complete with actionable tasks and a scheduling calendar.

Create Your Free ASAP Roadmap

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.