Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Ins and Outs of Impersonation...and Kidnapping

    CEOFraud-TImpersonation attacks and business email compromise (aka CEO fraud) can lead to far more dangerous consequences than monetary losses, according to Matt Devost from OODA LLC. Devost appeared on the CyberWire’s Hacking Humans Podcast last week, where he described the attacks he’s seen involving cybercriminals with fraudulent personas.

    Devost described one case in which an attacker impersonated a broker and an investor to target a successful entrepreneur who was looking for funding for a new startup. Under the guise of the broker, the attacker introduced the target to the supposed investor. Now posing as the investor, the attacker conversed with the target about the company, and eventually asked the entrepreneur to fly to South America so they could meet.

    “That individual is very, very close to buying a ticket and kind of hand-delivering themselves down to South America,” Devost said. “Keep in mind they're already a successful business person, so a nice, lucrative target from a kidnapping perspective.”

    Fortunately, the entrepreneur had a “gut intuition” that made them pause, and they decided to contact the broker through an alternative channel. The broker turned out to be a real person, but they hadn’t been communicating with the entrepreneur. The individual then realized that the meeting in South America was likely a setup for a kidnap-and-ransom scheme.

    When asked what users can do to protect themselves against these types of attacks, Devost recommended “a healthy dose of skepticism in their online interactions.”

    “I mean, there's just a user awareness component of this,” he said. “So there's some technical mitigations. Enable the two-factor authentication. And then there's some kind of social engineering resiliency that you can build up to make sure that you are at least applying a first order level of scrutiny on the incoming requests that are coming into your inbox.”

    Attackers are extremely skilled at getting people to drop their guard and assume the best in people. New-school security awareness training is one of the best defenses against complacency.

    The CyberWire has the story: https://thecyberwire.com/podcasts/cw-podcasts-hh-2019-02-28.html

     

    Get Your CEO Fraud Prevention Manual

    CEO-Fraud-PagesCEO fraud has ruined the careers of many executives and loyal employees. Don’t be next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

    Get Your Manual

    PS: Don't like to click on redirected buttons? Copy and paste this link in your browser:

    https://info.knowbe4.com/ceo-fraud-prevention-manual

     

     

     

    Return To KnowBe4 Security Blog

    Topics: Social Engineering, CEO Fraud

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews