Email Compromise Attempt Hits Close to Home for KnowBe4 CEO Stu Sjouwerman


CEO’s Wife Thwarts Phishing Attack, Recognizes Red Flags in Spoofed CEO Fraud Email

KnowBe4, provider of the world’s largest security awareness training and simulated phishing platform, today caught an attempted compromise in progress that targeted an accounting firm. The CEO’s wife caught on and alerted him when she received a spoofed email from a sender in a Russian domain.

KnowBe4 CEO Stu Sjouwerman is an elected official of the City of Clearwater and serves on the Downtown Development Board. Part of his efforts on that board includes a yearly disclosure about personal finances and real estate ownership. Board members are asked to fill out “form 1,” which goes into detail about liquidity and real estate. Sjouwerman’s wife received an email that appeared to come from him asking her to click on a PDF related to form 1. The email even included “sent from my ipad” while Sjouwerman was traveling. Sjouwerman normally asks his personal accountant to fill out this form, and the accountant is where the attack originated.

“Luckily, my wife has been through new-school security awareness training and recognized the red flags in the email that appeared to come from me,” said Stu Sjouwerman, CEO, KnowBe4. “The email was addressed to my wife in her full first name, which is not how I normally address her in email correspondence. She also hovered over the link to find that it went to a different location than what was indicated. Her suspicions were correct about the email being a phishing attempt and she immediately backed away from the keyboard and called me.”

Sjouwerman gave this information to KnowBe4’s internal incident response team and within the hour, they confirmed that this was a known threat actor. Mrs. Sjouwerman tried to get in touch with their accountant, only to find that his voicemail message had also been compromised. Sjouwerman and his wife immediately froze their bank accounts, thwarting any type of unauthorized access due to the compromise.

The best plan of attack to prevent this type of phishing attempt is to use KnowBe4’s free Email Exposure Check (EEC). The EEC checks to see if email credentials have been breached. To get the free test, visit https://www.knowbe4.com/email-exposure-check/.

 

About KnowBe4

KnowBe4, the provider of the world’s largest integrated new-school security awareness training and simulated phishing platform, is used by more than 18,000 organizations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training. Kevin Mitnick, internationally recognized computer security expert and KnowBe4’s Chief Hacking Officer, helped design KnowBe4’s training based on his well-documented social engineering tactics. Thousands of organizations trust KnowBe4 to mobilize their end-users as the last line of corporate IT defense.

KnowBe4 is Number 231 on the 2017 Inc. 500 list, #70 on 2017 Deloitte’s Technology Fast 500 and #2 in Cybersecurity Ventures Cybersecurity 500. KnowBe4 is headquartered in Tampa Bay, Florida with European offices in England and the Netherlands.
