Andy Cohen On How He Fell for a Scam

Cybercriminals will target anyone, even the rich and famous. We applaud Andy Cohen for speaking out and educating people on phishing scams. 

‍

How Did Andy Fall For a Phishing Scam?

It all started when Andy Cohen lost his debit card. The next day he received an email that looked to come from his bank with a fraud alert notice. He thought this was probably real since he just lost his debit card. He opened the email and clicked on the link in the email that took him to a spoofed bank page. Andy proceeded to log in with his banking username and password. Unfortunately, this was not an email from his bank, these were cybercriminals pretending to be Andy's bank. Since he provided his login information to them, they now have access to his bank account. The next question they asked was when Andy realized this was a scam! The cybercriminals asked Andy for his Apple ID, and he immediately stopped responding but it was too late. 

‍

And the Scam Continues .. 

Since Andy had given the cybercriminals access to his bank account by logging into their spoofed bank page they have access to all of his charges. The next day Andy received a text message asking if he was trying to purchase something with his card. He said no and then the cybercriminals called him pretending to be someone from his bank to clarify his recent charges. Since the cybercriminals had access to his account they could see the purchases Andy already made and could use those to gain his trust. The cybercriminals then sent him codes that they asked him to tell them and these codes were wire transfers. The last thing the cybercriminals asked Andy to do was to enter numbers on his keypad. What Andy was doing when he entered those numbers was activating call forwarding. So when the bank called to ask if Andy was making these wire transfers all calls were getting forwarded to the cybercriminals and never were reaching Andy. 

‍

The Red Flags

• Look at the email address that the email is coming from. Is it really your bank? Andy shared if he had looked at the email address he would have seen it wasn't from his bank. 
• Never click on a link in an email. If Andy hovered over that link, would it look like his bank's URL? 
• No bank would ask for your Apple ID.

‍

Would Andy have fallen for this scam if he was properly trained? 

Probably not! This is why Cyber Security Training is so important and every company should be training their employees. 

Links Technology, in partnership with KnowBe4, offers our clients a security awareness training program to train your team in a fun, effective and engaging way. We'll ensure that all of your staff consistently understands the risks and threats that face them every day. Links Technology's Security Awareness Team can tailor everything to meet your specific training needs and goals. Whether it is general security awareness, role-specific training, or compliance-based training we have the training you need. 

Our program & Security Awareness Team

• Trains your users
• Phishes your users
• Allows you to upload your own training modules, documents and policy forms
• Generates detailed reports for you
• Reviews results with you and provides strategic recommendations

Learn more about our Security Awareness Training Program.

‍