New Delhi: Cybersecurity researchers on Monday said they have discovered a spear phishing campaign targeting multiple IT firms, in which scammers were sending WhatsApp messages to top-tier employees' personal numbers while pretending to be their CEO. CloudSEK analysts found a spear phishing campaign targeting multiple corporations in which a specific form of message, purportedly coming from superiors or CEOs, may actually be fraudulent. In these messages, the threat actor pretends to be the company's CEO and sends a WhatsApp message to employees (mostly top-level executives) on their personal phone numbers.

Scammers misuse CEOs' publicly available pictures, setting them as WhatsApp profile pictures as a social engineering tactic to convince the victim. "The research unveiled lead generation and business information tools being misused by these scammers to extract personal phone numbers," said a CloudSEK researcher. The scam begins with employees receiving an SMS-based message from an unknown number whose sender impersonates a top-ranking executive from the organisation. The reason for impersonating a top-ranking executive is to instil urgency and panic. If the receiver of the SMS acknowledges the scammer with a response, the scammer then asks them to complete a quick task. The quick tasks commonly include purchasing gift cards for a client or employee and/or wiring funds to another business.

"In some cases, the scammer may ask employees to send personal information (like PINs and passwords) to third parties, often providing a plausible reason to carry out the request," said the report. Threat actors often use commanding and persuasive language to convince the email victim to respond.