Real Social Engineering Attack on KnowBe4 Employee Foiled

DavidB, the KnowBe4 VP of Asia Pacific and Japan, recently experienced a sophisticated social engineering attack via WhatsApp.

Late one night, David received a call from someone impersonating Ani, KnowBe4’s CHRO.

It started as voice, but was deliberately set up so that the “connection was bad” and the call kept dropping. So David never actually heard anyone speaking, just background noise. That led to the bad actor explaining he was on a flight and asking to switch to text because the “onboard wi-fi was apparently not allowing Whatsapp audio or video.”

Although it was unusual for Ani to call at such hours, David didn’t immediately suspect foul play because of the current busy period. Once they connected via text, the impersonator asked if David had any contacts at DBS Bank in Singapore to assist with an urgent financial matter.

The impersonator explained that they needed to wire funds for a family medical emergency, but the transfer was delayed by 48 hours. The request was not for money directly, but the impersonator mentioned an amount that quickly dropped when David said he’d like to help but didn’t have those funds, raising his suspicions.

Additionally, the caller addressed David by name instead of the friendly nickname that Ani usually used. David joked about needing to hit the “PAB” (Phish Alert Button) on this message, which was met with confusion by the impersonator.

To further verify, David asked about a dinner plan in Singapore, knowing Ani’s love for a local dish, but the impersonator couldn’t answer correctly. David then confirmed with Ani via Slack that he had not made the request, ended the conversation with the scammer, and reported the incident to WhatsApp.

Thanks to the security awareness training David received at KnowBe4, he was able to recognize and avoid this social engineering attack.
