Social engineering led to potential kidnapping

Social engineering and impersonation attacks can lead to far more dangerous consequences than monetary losses, according to Matt Devost from OODA LLC. Devost appeared on the CyberWire’s Hacking Humans Podcast last week, where he described the attacks he’s seen involving cybercriminals with fraudulent personas.

Devost described one case in which an attacker impersonated a broker and an investor to target a successful entrepreneur who was looking for funding for a new startup. Under the guise of the broker, the attacker introduced the target to the supposed investor. Now posing as the investor, the attacker conversed with the target about the company, and eventually asked the entrepreneur to fly to South America so they could meet.

“That individual is very, very close to buying a ticket and kind of hand-delivering themselves down to South America,” Devost said. “Keep in mind they’re already a successful business person, so a nice, lucrative target from a kidnapping perspective.”

Fortunately, the entrepreneur had a “gut intuition” that made them pause, and they decided to contact the broker through an alternative channel. The broker turned out to be a real person, but they hadn’t been communicating with the entrepreneur. The individual then realized that the meeting in South America was likely a setup for a kidnapping-and-ransom scheme.

Healthy dose of skepticism

When asked what users can do to protect themselves against these types of attacks, Devost recommended “a healthy dose of skepticism in their online interactions.”

“I mean, there’s just a user awareness component of this,” he said. “So there’s some technical mitigations. Enable the two-factor authentication. And then there’s some kind of social engineering resiliency that you can build up to make sure that you are at least applying a first order level of scrutiny on the incoming requests that are coming into your inbox.”

Attackers are extremely skilled at getting people to drop their guard and assume the best in others. New-school security awareness training is one of the best defenses against complacency.

The CyberWire has the story: https://thecyberwire.com/podcasts/cw-podcasts-hh-2019-02-28.html

Cyber Safety Net is a KnowBe4 partner. Reposted with permission from https://blog.knowbe4.com/ins-and-outs-of-impersonation-and-kidnapping. Cyber Safety Net – Keeping you safe online. See https://cybersafetynet.net/cyber-security-awareness-training/ to train and strengthen your human firewall. See https://youtu.be/UFpFesrcnvY and https://www.knowbe4.com/security-awareness-training-features/ to learn more.