Ins and Outs of Impersonation...and Kidnapping

CEOFraud-TImpersonation attacks and business email compromise (aka CEO fraud) can lead to far more dangerous consequences than monetary losses, according to Matt Devost from OODA LLC. Devost appeared on the CyberWire’s Hacking Humans Podcast last week, where he described the attacks he’s seen involving cybercriminals with fraudulent personas.

Devost described one case in which an attacker impersonated a broker and an investor to target a successful entrepreneur who was looking for funding for a new startup. Under the guise of the broker, the attacker introduced the target to the supposed investor. Now posing as the investor, the attacker conversed with the target about the company, and eventually asked the entrepreneur to fly to South America so they could meet.

“That individual is very, very close to buying a ticket and kind of hand-delivering themselves down to South America,” Devost said. “Keep in mind they're already a successful business person, so a nice, lucrative target from a kidnapping perspective.”

Fortunately, the entrepreneur had a “gut intuition” that made them pause, and they decided to contact the broker through an alternative channel. The broker turned out to be a real person, but they hadn’t been communicating with the entrepreneur. The individual then realized that the meeting in South America was likely a setup for a kidnap-and-ransom scheme.

When asked what users can do to protect themselves against these types of attacks, Devost recommended “a healthy dose of skepticism in their online interactions.”

“I mean, there's just a user awareness component of this,” he said. “So there's some technical mitigations. Enable the two-factor authentication. And then there's some kind of social engineering resiliency that you can build up to make sure that you are at least applying a first order level of scrutiny on the incoming requests that are coming into your inbox.”

Attackers are extremely skilled at getting people to drop their guard and assume the best in people. New-school security awareness training is one of the best defenses against complacency.

The CyberWire has the story:


Get Your CEO Fraud Prevention Manual

CEO-Fraud-PagesCEO fraud has ruined the careers of many executives and loyal employees. Don’t be next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

Get Your Manual

PS: Don't like to click on redirected buttons? Copy and paste this link in your browser:



Subscribe To Our Blog

Free Phishing Security Resource Kit

Get the latest about social engineering

Subscribe to CyberheistNews