It's a Saturday, you are lazing around at your house, and suddenly WhatsApp shows an incoming message from your boss/CEO of the company, so you drop everything else to react to it. However, depending on the content of the message, you may want to double-check that your boss is actually the one texting you.
Cybersecurity researchers on Monday found a spear phishing campaign targeting multiple corporations wherein scammers were sending messages to IT professionals through WhatsApp, pretending to be their CEOs.
According to a report by CloudSEK, "The research unveiled lead generation and business information tools being misused by these scammers to extract personal phone numbers."
Modus Operandi
During the investigation, it was found that the scam started with employees receiving an SMS-based message from an unknown number allegedly impersonating a top-ranking executive from the organisation. The reason for impersonating the top-ranking executive is to instill urgency and panic.
The scammers pretended to be the company's CEO and sent a WhatsApp message to employees (mostly top-level executives) on their personal phone numbers. They used the CEO's publicly available pictures as WhatsApp profile pictures, a social engineering tactic to convince the victim.
If the receiver of the SMS acknowledged the scammer with a response, the scammer asked the victim to complete a quick task, which included purchasing gift cards for a client or employee and/or wiring funds to another business.
The scammers sent multiple messages asking when the request would be completed and stressing the importance of this action. Similar to the "phishing" scams seen over email, this version relies on texts that lure potential victims into disclosing information or clicking on a link, said the report.
In some cases, the scammer may ask employees to send personal information (like PINs and passwords) to third parties, often providing a plausible reason to carry out the request.
Threat actors often use commanding and persuasive language to convince the email victim to respond.
Senior employees of the organisation can be looked up from LinkedIn.
Threat actors then use popular sales intelligence or lead generation tools such as Signalhire, Zoominfo, and Rocket Reach to gather personally identifiable information (PII) like emails, phone numbers, and more.
"These online databases of businesses have their methodologies for obtaining, verifying, and then selling the employees' contact details of an entity," said the report.