We spotted an unusual phishing email which revealed a new scam your users will soon find in their inbox. Time to inoculate them before it becomes a problem!
Many online service providers like Microsoft, Google, Facebook, Twitter, and PayPal have adopted a policy to warn users via email when there is a possible security-related event like "unusual sign-in activity".
Copies of these emails have been used for credentials phishing for a few years, but the problem is these security notifications are now being used by bad guys as a new attack vector for a tech support scam.
These new "phishes" point victims to a 1-800 number where either a scammer picks up, or the victim gets sent to voice mail hell for a while and their number is queued for a fraudulent follow-up call like the one below, which was sent to us by one of our customers -- who were well trained -- and did not fall for the scam.
PS: KnowBe4 uses HubSpot to host our website and for marketing automation so that is where this download link points to. It is safe to click, entertaining and instructive:
So, I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit: