OK, here's a weird one.
Attacker calls up customer service and "corrects" a single character in the spelling of the account name. Then does it again. And again ... until finally the account is now in the attacker's name ...
Now how would you train people to detect or be on guard against that?
By having a system that does not depend solely on the spidey-sense of the front line personnel, such as:
This brings to mind something that occurred in 2017, the other way around. While in KSA, I received an email from a bank with which I had an account in my home country --- India --- thanking me for visiting the branch to meet the new manager the previous day.
Far from being out of the area the branch is located in, I wasn't even in country at the time!
After ensuring that the sender address was indeed that of the bank, I contacted them to alert them to this, and asked for an investigation & explanation. When they responded stating that it was due to a new staff member sending out the email erroneously, I made a complaint on the site, but decided to let it pass after they called me & apologized.
However, that wasn't the end of it --- shortly after, I received another similar email, followed by the same explanation: employee error! This is a major bank in India, so I was dismayed that something like this could happen. (I closed my account after this)
Had they claimed that they were gauging customer awareness, I might have actually appreciated it...