Real Social Engineering Attack on KnowBe4 Employee Foiled



DavidB, the KnowBe4 VP of Asia Pacific and Japan, recently experienced a sophisticated social engineering attack via WhatsApp.

Late one evening, David received a call from someone impersonating Ani, KnowBe4's CHRO.

It started as a phone call, but it was intentionally set up so that the "connection was bad" and the call kept dropping, so David never really heard anyone speaking, just background noise. The bad actor then explained that he was on a flight and asked to switch to text because the "onboard wi-fi was apparently not allowing Whatsapp audio or video."

Although it was unusual for Ani to call at such hours, David did not immediately suspect foul play due to the current busy period. When they connected through text, the impersonator asked if David had any contacts at DBS Bank in Singapore to assist with an urgent financial matter.

The impersonator explained that they needed to wire funds for a family medical emergency, but the transfer was delayed by 48 hours. The request was not for money directly, but the impersonator mentioned an amount that quickly dropped when David said he'd like to help but he didn't have those funds, raising his suspicions.

Additionally, the caller addressed David by name instead of the friendly nickname that Ani typically used. David joked about needing to hit the "PAB" (Phish Alert Button) on this message, which was met with confusion by the impersonator.

To further verify, David asked about a dinner plan in Singapore, knowing Ani’s love for a local dish, but the impersonator could not respond appropriately. David then confirmed with Ani through Slack that he had not made the request, ended the conversation with the scammer, and reported the incident to WhatsApp.

Thanks to the security awareness training David received at KnowBe4, he was able to recognize and avoid this social engineering attack.


Don’t get hacked by social media phishing attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. Cybercriminals use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

Here's how the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/social-media-phishing-test


