The FBI Catches CEO Fraud Scammers by Giving Them a Taste of Their Own Medicine

The case of how the FBI turned the tables on cybercriminals using the very same tactics demonstrates how powerfully social engineering and deception can get a victim to act.

This story starts with crane and ergonomic lifting manufacturer Gorbel, which was scammed out of $82,000 using a simple fileless CEO scam. The accounts payable team was sent an official-looking email from an account purporting to be the CEO. The scam worked, Gorbel was out the $82K, and the FBI was brought in.

But it wasn’t enough to take Gorbel for tens of thousands of dollars; no, the cybercriminals wanted to take a drink from the same well a second time, again purporting to be the CEO.

With the FBI engaged, the scam email was answered by Gorbel’s accounts payable team, who stated that the new request, in the amount of $128,000, had been paid. At the FBI’s request, the scammers were provided with a fake domain – fedextrackingportal.com – which would capture the IP address of the cybercriminals and automatically return an error if a VPN was detected (to ultimately acquire the real IP address of the cybercriminal). Six IP addresses were recorded.

In another case, the FBI used Word docs and files crafted to phone home to the FBI as a way to obtain IP addresses.

In each of these cases, the FBI turned a few scam tactics against the scammers, demonstrating how effective these tactics are at fooling your users into participating in an attack:

  • Emotional Connection – the FBI took advantage of the scammers’ desire to see the scam through
  • Context – the FBI used the payment scenario created by the scammers to insert actions the scammer must take to proceed
  • Malicious Links – while the FBI’s link didn’t perform any malicious tasks, or download , it did have an ulterior motive: to collect the scammers’ IP address
  • Malicious Files – again, while only purposed to obtain IP addresses, the FBI used Word docs programmed to provide details on the scammers

These same tactics are used every day in phishing attacks all over the world. Educating users on the tactics used, scam details, how to spot a scam, and how to maintain a constant mental state of vigilance is necessary to keep your organization from becoming a victim. Security Awareness Training provides organizations with this education, and additionally phish tests users to act as a feedback loop on the effectiveness of the training and your users’ application of it in the workplace.



CEO Fraud Prevention Manual Download

CEO fraud has ruined the careers of many executives and loyal employees. Don’t be the next victim. This brand-new manual provides a thorough overview of how executives are compromised, how to prevent such an attack, and what to do if you become a victim.


PS: Don’t like to click on redirected buttons? Copy and paste this link in your browser:

https://info.knowbe4.com/ceo-fraud-prevention-manual


Find out how affordable new-school security awareness training is for your organization. Get a quote now.

 
