Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Vishing, from (not) the Bank

    Vishing_As_A_ServiceWe saw yesterday how phishing affects the financial sector. Here we see another, related trend: impersonation attacks that purport to be from the victim’s bank.

    Bank vishing scams are growing more convincing and harder to detect, CNN reports. A San Francisco man named Peter Gunst told CNN how he had nearly fallen for “the most credible phishing attempt I’ve experienced to date.”

    Gunst said he received two phone calls from the same number, and he answered the phone the second time. A woman on the other end told him she worked for his bank and asked if he had just tried to use his card in Miami. Gunst said no, and the woman began to walk him through the process of securing his account.

    She asked Gunst for his member number and he gave it to her. He then received a text message from the bank’s phone number containing a PIN, which he read out to the woman. This was actually a password reset code, and it granted her access to his bank account.

    Next, the woman told Gunst they needed to block his PIN, and asked what his PIN was. At this point Gunst realized it was a scam, since no real bank should ask you for your PIN, and he hung up immediately. In hindsight, Gunst believes he should have been more suspicious of the caller from the outset.

    “When I read that thread now, that’s one red flag after another,” Gunst told CNN. “But it's hard to express the social engineering component of it. My guard wasn't up in the way it should've been.”

    Gunst added that he had dealt with real fraud prevention calls from his bank in the past, and the scammer knew exactly how this process worked. He also thinks the scammer somehow knew he was a customer of that particular bank.

    “It’s unclear at this point where this happened, but there's no doubt in my mind that they knew that I was a customer of that bank and they thoroughly understood the security procedures of that bank,” Gunst said. “It was rather targeted.”

    CNN points out that sometimes scammers gain an advantage by targeting employees of a company to gather information on customers before targeting those customers with scams. New-school security awareness training can enable your employees to be constantly on guard for suspicious requests.

    CNN has the story: https://www.cnn.com/2019/10/27/business/phishing-bank-scam-trnd/index.html

     

    Return To KnowBe4 Security Blog

    Find out if your organization's MFA solution
    can be hacked by cybercriminals now!

    Did you know that all MFA mechanisms can be hacked, and in some cases it's as simple as sending a phishing email? That's why it's important to know the exact security risks your MFA solution has and how your users' accounts may be compromised.

    masareport-thumbHere's how MASA works:

    • You will receive a custom link to take your assessment
    • Answer a series of technology questions relevant to your MFA solution
    • Get an instant high-level snapshot of potential risks with your MFA
    • Receive your in-depth report packed with actionable insight and detailed analysis on specific MFA attacks and tips for your top defenses 

    Assess My MFA Solution Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/multi-factor-authentication-security-assessment

    Topics: Social Engineering, Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews