It's Happening The World Over: $300K Lost To Phone Scammer

rk_singtel_151119A woman in Singapore lost $300,000 to a scammer posing as a Singtel customer service employee, according to the Straits Times. The scammer told the victim he would fix some problems with her WiFi connection, and he kept her on the phone for two hours. During this time, he convinced her to give him access to her computer and her online bank account, along with sensitive personal information. The scammer used this access to withdraw vast amounts of money from her account and the accounts of two of her family members.

The scammer used scare tactics to keep the victim on the line. He even connected her with another scammer who claimed to be working for the police. The two scammers told the victim that her IP address was being used in several countries, and they showed her a picture of a Russian man who they claimed was using her account.

“Throughout this process, they kept telling me not to talk to anybody, not to inform anybody, and to keep the landline on and my hand phone switched off,” the woman told the Times. “Not knowing anything, I just followed through. That's when it all happened.”

This seems a lot of effort on the criminals’ part, but $300,000 is, sadly, a very good return on the two hours they invested. Scammers frequently try to keep their victims isolated and frightened so no one else can warn them that they’re being scammed.

The very same tactics—slightly modified—are being used in office environments. Combinations of pressure tactics, deception, isolation and tag-teaming are used in CEO Fraud as well. 

New-school security awareness training can help your employees in multinational offices recognize the red flags of social engineering and encourage them to seek external advice before giving your organization's confidential information or money to a scammer.

The Straits Times has the story:

Will your users respond to phishing emails?

KnowBe4's Phishing Reply Test (PRT) is a complimentary IT security tool that makes it easy for you to check to see if key users in your organization will reply to a highly targeted phishing attack without clicking on a link. PRT will give you quick insights into how many users will take the bait so you can take action to train your users and better protect your organization from these fraudulent attacks!

PRT-imageHere's how it works:

  • Immediately start your test with your choice of three phishing email reply scenarios
  • Spoof a Sender’s name and email address your users know and trust
  • Phishes for user replies and returns the results to you within minutes
  • Get a PDF emailed to you within 24 hours with the percentage of users that replied

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews