Though scammers have been using WhatsApp to deceive people into sending them money for quite some time, this practice has been limited to using fake profile pictures of friends and family members.
Now, scammers are taking the corporate world by storm by targeting company CEOs and other top-level executives.
A recent report by cybersecurity firm CloudSEK said that a new phishing campaign is on the loop where scammers are sending WhatsApp messages to personal numbers of employees pretending to be their CEOs or managers.
As shown in the above screenshot, a scammer, pretending to be the CEO of a company, asked an employee to purchase gift cards. Scammer used the CEOs’ publicly available picture as the profile picture and an unknown number to send the messages. (For privacy reasons, we hid the top portion of the WhatsApp chat that has the CEO’s profile picture.)
“In some cases, the scammer may ask employees to send personal information (like PINs and passwords) to third parties, often providing a plausible reason to carry out the request,” said the CloudSEK report.
Messages like this often have a persuasive and commanding tone, as per the report. They will also be sending frequent follow up messages asking for a timeline when the task will be completed.
Here’s how it happens
It is very easy for scammers to look up on LinkedIn for CEO profiles or other company information. Scammers also use popular sales intelligence or lead generation tools such as Signalhire, Zoominfo and Rocket Reach to gather email ids, phone numbers, and more inside information.