The CEO of security awareness firm KnowBe4 is a prolific writer who often reveals new threats his organization is seeing in the wild.
This time, it turns out that threat is his name and likeness in the hands of cybercriminals.
Stu Sjouwerman says the initial thing that tipped him off was a phone call from a government agency:
"First we got a call from the Small Business Administration, where someone applied for an SBA loan in my name, with the correct Social Security Number. The SBA reps called me to verify, and I congratulated them with a good fraud catch."
Then the cybercriminals tried another online application, posing as the CEO:
"Next, someone filed an unemployment claim in my name, again with the correct SSN. That one of course had very little chance of success, since these requests need to be verified by the company in question, and KnowBe4 had not laid me off yet. :-D"
You have to appreciate his sense of humor here—especially since there is more to the story.
KnowBe4 CEO: identity thieves contacted company employees
At the same time fraudulent applications were filed, someone created a new (and fake) Facebook page for the CEO and began contacting KnowBe4 employees as "the fake Stu," as he puts it.
Sjouwerman says the messaging was copied from a template used by unsophisticated cybercriminals.
And his employees, who work at a security awareness company and often talk about threats like this, did not fall for the messages from fake Stu.
They gave him a heads up instead, and he reported the fake page to Facebook.
In his post, he writes that this is entertaining, annoying, and also a part of his personal threat landscape.
"There is an old Dutch expression: 'High trees catch a lot of wind.' Well, once you get in the public eye there is definitely the effect you become a bigger target of identity theft."
And Sjouwerman wonders if there are more fraud attempts involving his identity that have yet to be discovered.
If this happens and you read his blog, chances are good you'll know before anyone else.