At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Social Engineering, Persistence, and a Few Phone Calls is All it Takes to Steal $1 Million

    Social Engineering Scam

    The story of a Swiss investor who was convinced they were purchasing pre-IPO shares of AirBnB is the cautionary tale of how little it really takes to turn someone into a victim.

    Most of the stories I cover here involve teams of cybercriminals, lots of planning, diligence, detailed execution of social engineering, and a specific target. But sometimes some cybercrimes take very little work to be successful.

    This latest scam involves an investor who is eager to be invested in AirBnB well before the company even goes public. According to a news story in Forbes, the investor spoke with a persistent asset manager and purchased $40K in “shares” sometime in 2018 (nearly two years before AirBnB’s IPO), made a second purchase of the same amount, then $990K over a period of months. It wasn’t until February of 2019, after a final $180K purchase was made, that the investor visited the investment management office – only to find the whole thing was a scam.

    This scam isn’t really any different than a traditional BEC scam that focuses on convincing an accounts payable clerk to change the payment details by posing as the contractor being paid. And, keep in mind, this AirBnB scam – despite being made public now due to court documents being unsealed – happened back in 2018. Today, we’re seeing massive rises in funds transfer fraud (which is up 28% this year over 2020).

    It’s important that anyone in your organization dealing with purchases, spending, payments – anything with money involved – be put through new-school Security Awareness Training. Continual user education can elevate their sense of vigilance when interacting with any unsolicited content in email and on the web.

    Request A Demo: Security Awareness Training

    products-KB4SAT6-2-1

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    Save My Spot!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top