The recent arrest and charging of a gang of 24 U.S.-based cybercriminals in Atlanta demonstrates how easy it is to become a cybercriminal and use social engineering tactics to fool people out of their money.
The list of charges is as long as a CVS receipt: bank fraud, identity theft, romance scams targeting the elderly, wire fraud, invoicing scams, and more – all from one group that masterminded not only the initial scams, but a sophisticated money laundering scheme using fake companies and bank accounts throughout the world.
According to a press release put out by the U.S. Attorney’s Office in the Northern District of Georgia, these scammers targeted individuals, corporations, and financial institutions using business email compromise, romance scams, and retirement account scams to take over $30 million and distribute it throughout the United States and around the globe. The press release made it clear that it’s unlikely that the victims will get their money back.
Each of these scams involved a few common elements:
- They targeted their victims
- They aligned the scam with a particular victim persona (so, retirement scam for the elderly, etc.)
- They required the victim to take action
It’s this last element that organizations today can do something about – for every email sent phishing its potential victim, it’s necessary for the recipient to take the bait and open the attachment, click the link, or respond to the email.
Organizations enrolled in continuous Security Awareness Training find their users becoming more and more savvy about the methods cybercriminals and scammers use. The end result is users are more able to quickly identify suspicious email and web content for what it really is – potentially malicious. And, by doing so, your security aware users are less likely to take the action desired by the scammer.
$30 million in stolen money says a lot about the victim’s inability to tell if the emails received were legitimate or not. It’s up to you to make certain your users can tell the difference.