Social Engineering, Persistence, and a Few Phone Calls is All it Takes to Steal $1 Million



The story of a Swiss investor who was convinced they were purchasing pre-IPO shares of AirBnB is a cautionary tale of how little it really takes to turn someone into a victim.

Most of the stories I cover here involve teams of cybercriminals, lots of planning, diligence, detailed execution of social engineering, and a specific target. But some cybercrimes take very little work to be successful.

This latest scam involves an investor who was eager to invest in AirBnB well before the company went public. According to a news story in Forbes, the investor spoke with a persistent asset manager and purchased $40K in “shares” sometime in 2018 (nearly two years before AirBnB’s IPO), made a second purchase of the same amount, then $990K over a period of months. It wasn’t until February of 2019, after a final $180K purchase was made, that the investor visited the investment management office – only to find the whole thing was a scam.

This scam isn’t really any different from a traditional BEC scam, in which the attacker poses as a contractor awaiting payment and convinces an accounts payable clerk to change the payment details. And, keep in mind, this AirBnB scam – despite being made public now due to court documents being unsealed – happened back in 2018. Today, we’re seeing massive rises in funds transfer fraud (which is up 28% this year over 2020).

It’s important that anyone in your organization dealing with purchases, spending, payments – anything with money involved – be put through new-school Security Awareness Training. Continual user education can elevate their sense of vigilance when interacting with any unsolicited content in email and on the web.

