Security Awareness Training Blog

    KnowBe4 Prevents Customer From Becoming Social Engineering Victim Of Duke Energy Vendor’s Hack

    tio-networks

    A customer just sent us this:

    "Stu, the company who processes payments for Duke Energy’s walk in payments was hacked and as a result about 375,000 bank accounts may have been stolen.

    "We here at my office just received a phone call from someone pretending to be from Duke Energy (they even spoofed Duke Energy’s phone number), wanting us to go to Kroger and get some prepaid visa cards to pay them or they would shut our power off, they then called back and said they were going to install new meters and said that info should be on our bill, wanting us to look at our bills phishing for more info, and we were to pay them over the phone with prepaid visa cards.

    "Thought I would let you know that my users spotted this scam and called me, thanks to the KnowBe4 training, this didn’t go any further. Thanks, C.C."

    The cybercriminals who got their hands on customer data are now using social engineering tricks to try getting affected customers into paying them directly. Here is the story from the Tampa Bay Times "CHARLOTTE, N.C. — Nearly 375,000 Duke Energy Corp. customers may have had personal and banking information stolen in a data breach.

    The country’s largest electric company said Tuesday the customers paid a bill by check or cash at 550 walk-in payment processing centers in the Carolinas, Florida, Indiana, Ohio and Kentucky since 2008.

    Those payments were processed by TIO Networks, which was hacked in an attack disclosed after the company was purchased in July by PayPal Holdings Inc. Duke Energy customers make up nearly a quarter of the 1.6 million TIO Network customers potentially compromised.

    The personally identifiable information that may have been stolen from Duke Energy customers includes names, addresses, electricity account numbers and banking information if a customer paid power bills by check.

    TIO Networks is sending letters to notify those affected."

    Let's stay safe out there.

    Warm regards,

    Stu Sjouwerman,

    Founder and CEO, KnowBe4, Inc

    NewStu.png

     

     

    Return To KnowBe4 Security Blog

    Request A Demo: Security Awareness Training

    products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!

    Request a Demo!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/kmsat-security-awareness-training-demo

    Topics: Social Engineering, Third Party Vendor Risk Management

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews