A cyber-criminal involved in a phishing campaign made the strategic error of trying to phish an employee of a cyber-security vendor that provides phishing training for corporate America, FOX 13 reports.

KnowBe4, a cyber-security company located in Clearwater, Florida, specializes in training employees of small and large US businesses to recognize phishing emails and deal with them, among other things.

So you can imagine things didn't go as planned when an unknown scammer tried to phish one of the company's employees on Friday, September 23.

The scammer was using the old CEO Fraud scheme

Using a well-known strategy called CEO Fraud, the scammer sent KnowBe4's CFO, Alanna Cormier, a fake email that appeared to come from the company's CEO, telling her to wire a large sum of money ($20,000 / €17,850) to an external account.

What the attacker did not know was that the company's CEO was sitting just across the company's office floor, so Ms. Cormier went directly to him to ask about the email.

The two were quick to recognize the obvious phishing attempt and decided to trick the scammer into revealing his real location.

The company sent the scammer one of their own phishing emails

Instead of wiring the money, the two replied by email, asking for more instructions. When the attacker responded with more details, they took one of the sample phishing emails from the company's training database and sent it to the email address the attacker's reply had come from.

The email was made to look like it came from AOL, and said that the scammer's email account had been locked for security purposes. To unlock the account, the scammer only had to click on a link, which logged the attacker's IP address on KnowBe4's server.

"We know where it is but we refrain from making that public because we've transferred it to law enforcement, and it's now in their hands," said Stu Sjouwerman, KnowBe4 CEO.