KnowBe4 CEO Sounds the Alarm on New Strain of CEO Fraud

A new strain of CEO fraud requesting W-2s has shown up as an urgent request

CEO Fraud phishing email received by KnowBe4

A new strain of CEO Fraud (aka Business Email Compromise) reared its head at the offices of KnowBe4 in the form of a spoofed email from the CEO to accounting asking for a list of W-2s in PDF format. Luckily, the personnel and new CFO had completed a full battery of security awareness training and were able to spot something phishy about this email. The staff concerned brought the email to the CEO’s attention immediately and were congratulated by the CEO for a good catch.

KnowBe4 CEO Stu Sjouwerman said, “Obviously I did not send this email, but imagine if we sent off the W-2s. It would have opened our staff up to identity theft since W-2s contain name, address, wages and social security numbers.”

Analysis of the email headers showed the hackers used someone’s GoDaddy email server, and the return address was definitely not the CEO’s. However, it was a valid email address that the hackers were monitoring. KnowBe4’s phishing analysts noticed the new attack coming through the company’s Phish Alert Outlook add-in button on Monday, February 22, 2016, but did not expect to see it hit KnowBe4’s own staff.

In an alert sent to customers, Sjouwerman noted, “I strongly suggest you warn your Accounting and HR teams that there is a new strain of CEO Fraud asking for W-2s.”

KnowBe4 provides templates for its customers and has already provided a new one based on this attack to help inoculate users against an attack of this nature. The template has a high difficulty (to spot) rating and clicking on the link presents users with an error page letting them know this was a phishing attempt. Clickers can then be provided with remedial Kevin Mitnick Security Awareness Training.

For more information visit: http://www.knowbe4.com

About KnowBe4
KnowBe4 is the world’s most popular integrated Security Awareness Training and Simulated Phishing platform. Realizing that the human element of security was being seriously neglected, KnowBe4 was created by two of the best known names in cybersecurity, Kevin Mitnick (the World’s Most Famous Hacker), and Inc. 500 alum serial security entrepreneur Stu Sjouwerman, to help organizations manage the problem of social engineering tactics through new school security awareness training. More than 3,000 organizations use KnowBe4’s platform to keep employees on their toes with security top of mind. KnowBe4 is used across all industries, including highly regulated fields such as finance, healthcare, energy, government and insurance.

Contact Author

Michael Becce