Two weeks ago, I was sitting in a virtual waiting room, ready to record a podcast with a colleague I deeply respect. Former president of NABIP, David Saltzman. Someone who has spent decades in this industry.
He never showed up to the call, so I sent a message.
“I’ve been hacked. I must take care of this. Can we reschedule?” That’s what he responded.
Here is what the attack actually looked like.
It started with a pop-up on his screen. It looked like an official Apple alert.
It said his device had been compromised and gave him an 800 number to call immediately.
On the other end was someone calm, professional, and completely convincing. They confirmed there had been a breach, told him his bank account in another state had suspicious activity, and said they had someone from the FTC already on the line to help with the investigation.
Then came the ask. Create a new account through a VPN, transfer $25,000 into it, and the bank would take care of the rest.
He was in the middle of this when I offered to help, and after hearing everything my honest advice was: HANG UP THE PHONE.
What this kind of attack is designed to do.
David was targeted by a vishing attack, a form of social engineering that uses phone calls to manipulate victims into handing over money or sensitive information. And it is one of the most effective techniques cybercriminals use today, precisely because it bypasses almost every tool you have installed.
That is what makes this category of attack so dangerous.
The entry point was a convincing pop-up, the 800 number was scripted, the FTC voice on the line was rehearsed, and every step was engineered to keep David moving forward before he had a chance to pause and question anything.
By the time something feels wrong, you are already deep inside the attack.
You have to know about these threats. You have to get assessed and know where you stand.
Most agencies and agents do not know what their real exposure looks like until something goes wrong, and by then the cost is measured in money lost, clients notified, and days of productivity gone.
A Cyber Assessment gives you a clear picture of your weak points before a scammer finds them first.
You can get one for free at: https://cyberfin.net/cybersecurity-assessment