Bad guys are now requesting personal cell phone numbers of employees
KnowBe4, the world’s largest provider of security awareness training and simulated phishing, announced that it is observing a serious escalation in CEO fraud (aka Business Email Compromise/Email Account Compromise), with the volume nearly tripling in the past month.
This escalation is detected through phishing attempts reported globally via KnowBe4’s Phish Alert Button (PAB).
PAB enables users to identify suspected phishing emails and, with one simple click, send them to IT or their incident response team for follow-up. More and more spear phishing emails that appear to come from the CEO and are directed at employees within organisations are being detected, and KnowBe4 has noticed a significant increase just in the past month. The bad guys are crafting emails requesting more personal information, including street addresses and personal phone numbers of employees.
According to the FBI, the BEC/EAC scam continues to grow and evolve, targeting small, medium, and large business and personal transactions. The FBI alert of July 18, 2018 (PSA 1-071218-PSA) noted there were 78,617 incidents reported, with an exposed dollar loss of over $12.5 billion. Business email compromise was also identified as the most common type of crime in terms of dollar loss. These numbers and KnowBe4’s detection of the significant increase in CEO fraud demonstrate why it’s more important than ever to step employees through new-school security awareness training, as they are an organisation’s last line of defence.
“It’s already known that CEO fraud is becoming one of the more popular and successful types of phishing attacks,” said Stu Sjouwerman, CEO, KnowBe4. “The escalation we’ve seen through the attempts we track via KnowBe4’s Phish Alert Button indicates that the bad guys are increasingly confident in their ability to use social engineering and work over targets in a much more up-close and personal fashion.”