DavidB, the KnowBe4 VP of Asia Pacific and Japan, recently experienced a sophisticated social engineering attack via WhatsApp.
Late one evening, David received a call from someone impersonating Ani, KnowBe4's CHRO.
It started as a phone call, but intentionally set up so that the "connection was bad" and the call kept dropping. So David never really heard someone speaking, just background noise. Which led to the bad actor explaining he was on a flight, and requesting to do text because the "onboard wi-fi was apparently not allowing Whatsapp audio or video."
Although it was unusual for Ani to call at such hours, David did not immediately suspect foul play due to the current busy period. When they connected through text, the impersonator asked if David had any contacts at DBS Bank in Singapore to assist with an urgent financial matter.
The impersonator explained that they needed to wire funds for a family medical emergency, but the transfer was delayed by 48 hours. The request was not for money directly, but the impersonator mentioned an amount that quickly dropped when David said he'd like to help but he didn't have those funds, raising his suspicions.
Additionally, the caller addressed David by name instead of his usual friendly nickname that Ani typically used. David joked about needing to hit the "PAB" (Phish Alert Button) on this message, which was met with confusion by the impersonator.
To further verify, David asked about a dinner plan in Singapore, knowing Ani’s love for a local dish, but the impersonator could not respond appropriately. David then confirmed with Ani through Slack that he had not made the request, ending the conversation with the scammer, and reporting the incident to WhatsApp.
Thanks to the security awareness training David received at KnowBe4, he was able to recognize and avoid this social engineering attack.
Here's how the Social Media Phishing Test works:
