We spotted an unusual phishing email which revealed a new scam your users will soon find in their inbox. Time to inoculate them before it becomes a problem!
Many online service providers like Microsoft, Google, Facebook, Twitter, and PayPal have adopted a policy to warn users via email when there is a possible security-related event like "unusual sign-in activity".
Copies of these emails have been used for credential phishing for a few years, but the problem now is that bad guys are using these security notifications as a new attack vector for a tech support scam.
These new "phishes" point victims to a 1-800 number where either a scammer picks up, or the victim gets sent to voice mail hell for a while and their number is queued for a fraudulent follow-up call like the one below. The recording was sent to us by one of our customers, who was well trained and did not fall for the scam.
PS: KnowBe4 uses HubSpot to host our website and for marketing automation so that is where this download link points to. It is safe to click, entertaining and instructive:
http://cdn2.hubspot.net/hubfs/241394/phone_phish.mp3
So, I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit:
"There is a new scam you need to watch out for. In the last few years, online service providers like Google, Yahoo and Facebook have started to send emails to their users when there was a possible security risk, like a log-on to your account from an unknown computer.
Bad guys have copied these emails in the past, and tried to trick you into logging in to a fake website they set up so they could steal your username and password. Now, however, they send these fake security emails with a 1-800 number that they claim you need to call immediately.
If you do, two things may happen:
1) You get to talk right away with a real internet criminal, usually with a foreign accent, who tries to scam you. They claim there is a problem with your computer, "fix" it, and ask for your credit card.
2) You get sent to voice mail and kept there until you hang up, but your phone number was put in a queue and the bad guys will call you and try the same scam.
Remember, if you get any emails that either promise something too good to be true, OR look like you need to prevent a negative consequence, Think Before You Click and, in this case, before you pick up the phone.
If you decide to call any vendor, go to their website and call the number listed there. Never use a phone number from any email you may have received. Here is a real example of such a call. Don't fall for it!
http://cdn2.hubspot.net/hubfs/241394/phone_phish.mp3
PS, for KnowBe4 customers: did you know we have a new Phishing Campaign that sends these Scam Of The Week to your employees automatically? Go to Phishing -> Create Campaign -> In the Templates field, choose Scam Of The Week, and select the Scam from the list -> Select All Users -> Create Campaign. That's all!
If you are not a KnowBe4 customer yet: Tech Support Scams have been skyrocketing over the last 12 months, so it is a must to step your users through effective security awareness training that includes frequent simulated attacks.
For instance, KnowBe4's integrated training and phishing platform allows you to send fully simulated tech support scams so you can see which users answer the emails and/or click on links in them or open infected attachments. If you have a Platinum subscription you can even send them "vishing" attacks straight to the phone on their desk.
See it for yourself and get a live, one-on-one demo.
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:
https://info.knowbe4.com/kmsat-request-a-demo