Scam Alert: Did you get a WhatsApp message from your boss or CEO? Think twice before answering


New Delhi: Cybersecurity researchers have detected a spear phishing campaign in which fraudsters target employees of an organization by impersonating the CEO or head of that company.

A spear phishing attempt targeting many organizations was discovered by CloudSEK experts. The campaign involved a particular type of message that appeared to be sent by CEOs or superiors, but may actually be a scam.

The threat actor sends WhatsApp messages to employees (mainly top executives) on their personal phone numbers, posing as the CEO in these communications.



Modus Operandi of WhatsApp spear phishing scam

Analysts at cybersecurity firm CloudSEK found the following modus operandi adopted by spear phishing scammers:

The vulnerable employees receive an SMS-based message from an unknown number “allegedly impersonating a top-ranking executive from the organization”.

The scammers pretend to be the top-ranking executive to instill urgency and panic.

If the vulnerable employee or recipient of the text message acknowledges the fraudster with a response, the threat actor/fraudster will ask them to perform a quick task.

CloudSEK says the “quick tasks commonly include: purchasing gift cards for a client or employee and/or transferring funds to another business.”

Fraudsters may also ask employees to send personal information like PINs and passwords to third parties in some cases, often providing probable cause to carry out the request.


CloudSEK wrote in its report that “threat actors often use commanding and persuasive language to convince the email victim to respond…Threat actors then use popular sales intelligence or lead generation tools such as Signalhire, Zoominfo, Rocket Reach to collect personally identifiable information (PII) like emails, phone numbers and more.”
