Scam Alert: Got WhatsApp Message From Your Boss or CEO? Think Twice Before Responding

New Delhi: Cybersecurity researchers have discovered a spear phishing campaign where fraudsters impersonate the CEO or boss of a company to target employees of an organisation.

A spear phishing attempt targeting multiple organizations has been discovered by CloudSEK experts. The campaign involved a certain type of message that appeared to be sent by the CEO or superiors but could actually be a scam.

In these communications, the threat actor, posing as the CEO of the firm, sends WhatsApp messages to employees (mainly top executives) on their personal phone numbers.



Modus operandi of WhatsApp spear phishing scam

Analysts at cybersecurity firm CloudSEK found the following modus operandi adopted by the spear phishing scammers:

Vulnerable employees receive an SMS-based message from an unknown number “allegedly impersonating a top-ranking executive from the organization”.

Fraudsters impersonate top-ranking executives to create urgency and panic.

If the vulnerable employee or recipient of the SMS replies to the scammer, the threat actor will ask for a task to be completed quickly.

CloudSEK says that “quick actions typically include: purchasing a gift card for a customer or employee and/or wiring funds to another business.”

In some cases, scammers may also ask employees to send personal information such as PINs and passwords to third parties, often giving a plausible-sounding reason for the request.


CloudSEK wrote in its report that “threat actors often use commanding and persuasive language to persuade the email victim to respond … threat actors use popular sales intelligence or lead generation tools like SignalHire, ZoomInfo, Rocket Reach to gather personally identifiable information (PII) like email, phone number and more.”