A customer just sent us this:
"Stu, the company who processes payments for Duke Energy’s walk in payments was hacked and as a result about 375,000 bank accounts may have been stolen.
"We here at my office just received a phone call from someone pretending to be from Duke Energy (they even spoofed Duke Energy’s phone number), wanting us to go to Kroger and get some prepaid visa cards to pay them or they would shut our power off, they then called back and said they were going to install new meters and said that info should be on our bill, wanting us to look at our bills phishing for more info, and we were to pay them over the phone with prepaid visa cards.
"Thought I would let you know that my users spotted this scam and called me, thanks to the KnowBe4 training, this didn’t go any further. Thanks, C.C."
The cybercriminals who got their hands on customer data are now using social engineering tricks to try getting affected customers into paying them directly. Here is the story from the Tampa Bay Times "CHARLOTTE, N.C. — Nearly 375,000 Duke Energy Corp. customers may have had personal and banking information stolen in a data breach.
The country’s largest electric company said Tuesday the customers paid a bill by check or cash at 550 walk-in payment processing centers in the Carolinas, Florida, Indiana, Ohio and Kentucky since 2008.
Those payments were processed by TIO Networks, which was hacked in an attack disclosed after the company was purchased in July by PayPal Holdings Inc. Duke Energy customers make up nearly a quarter of the 1.6 million TIO Network customers potentially compromised.
The personally identifiable information that may have been stolen from Duke Energy customers includes names, addresses, electricity account numbers and banking information if a customer paid power bills by check.
TIO Networks is sending letters to notify those affected."
Let's stay safe out there.
Warm regards,
Stu Sjouwerman,
Founder and CEO, KnowBe4, Inc