- K’taka bandh likely to hit normal life amid govt’s effort to minimise impact
- Michael Gambon, who played Dumbledore in ‘Harry Potter’, passes away at 82
- Am free man, can go anywhere: Sourav Ganguly on his trip to Spain with CM
- Neobanking startup Fi cuts 10% of its staff in restructuring exercise
- Congress mulling idea to drop several sitting MLAs in Rajasthan after internal survey shows anti-incumbency
- Will you resign if nothing found in probe, Kejriwal asks PM Modi over house renovation row
- Bengal school job case: ED summons Abhishek Banerjee again on Oct 3
- Demands for fair share charge on OTT companies smack of rent-seeking: IAMAI
- Worms in Mid-Day Meal: Goa govt suspends licence of Self-Help Group
- Angelina Jolie was ‘saved’ by her children
Scammers duping firms in CEO's name
Cybersecurity researchers on Monday said they have discovered a spear phishing campaign targeting multiple IT firms where scammers were sending WhatsApp messages to top tier employees' personal numbers pretending to be their CEO.
New Delhi: Cybersecurity researchers on Monday said they have discovered a spear phishing campaign targeting multiple IT firms where scammers were sending WhatsApp messages to top tier employees' personal numbers pretending to be their CEO. CloudSEK analysts found a spear phishing campaign targeting multiple corporations wherein a specific form of a message purportedly coming from superiors or CEOs may actually be a fraud. In these messages, the threat actor pretends to be the company's CEO and sends a WhatsApp message to employees (mostly top-level executives) on their personal phone numbers.
Scammers misuse CEOs' publicly available pictures by using WhatsApp profile pictures as a social engineering tactic to convince the victim. "The research unveiled lead generation and business information tools being misused by these scammers to extract personal phone numbers," said a CloudSEK researcher. The scam begins with employees receiving an SMS-based message from an unknown number allegedly impersonating a top-ranking executive from the organisation. The reason for impersonating the top-ranking executive is to instil urgency and panic. If the receiver of the SMS acknowledges the scammer with a response, the threat actor/scammer would request to complete a quick task. The quick tasks commonly include purchasing gift cards for a client or employee and/or wiring funds to another business.
"In some cases, the scammer may ask employees to send personal information (like PINs and passwords) to third parties, often providing a plausible reason to carry out the request," said the report. Threat actors often use commanding and persuasive language to convince the email victim to respond.