A noticeable uptick in impersonation scams has raised concerns among organizations that regularly interact with clients and potential investors. Armed with basic reconnaissance and alternative communication platforms like WhatsApp and Telegram, malicious actors pose as legitimate company representatives, duping unsuspecting targets into disclosing sensitive information or investing money under false pretenses. Below is a concise guide to help businesses recognize and counter these scams.
What’s the scam?
The setup: Attackers discover key firm personnel using publicly available information, such as corporate websites, social media pages, and professional directories.
The hook: They pose as an executive or employee and contact potential investors or clients through messaging platforms outside the firm's managed channels, such as WhatsApp or Telegram. The weakness is not the platforms' encryption but identity: a display name and a profile photo are all the recipient sees, anyone can register them, and the firm has no logging or control over the conversation.
The ruse: The fraudsters may send official-looking documents, leverage legitimate company resources (such as the firm’s website and employee directory), or even place phone calls imitating a trusted individual.
The goal: Ultimately, these bad actors aim to build trust and trick targets into transferring funds, handing over sensitive data, or otherwise unknowingly assisting with a fraudulent scheme.
Take Immediate Action to Keep Everyone in the Loop
Notifying stakeholders
- Employees and internal teams: Make sure staff know how to spot signs of potential fraudulent communications and where to report them.
- Clients and external partners: Send out periodic advisories if scams come to light, clarifying approved communication methods and official contact points.
- Legal and compliance considerations: In cases where notifications may be legally required, coordinate with the appropriate departments to ensure your incident response plans match the requirements.
Warn and inform the public
- Website & social media alerts: Add a brief notice or banner to your site and social media prompting visitors to stay vigilant, and state plainly which channels the firm uses to contact clients and which it never uses (for instance, that staff will not solicit investments or payment details over WhatsApp or Telegram).
- Audit public contact details: Remove or minimize direct email addresses and personal phone numbers from online listings to reduce exposure.
Handling a suspected impersonation
Steer clear of direct engagement
- Cease communication promptly: If you receive a suspicious message or call, don’t reply or reveal additional information.
- Preserve the evidence: Document every interaction (screenshots, the sender's phone number or handle, and timestamps) and share it with IT or management; these details are what platform support and law enforcement will ask for.
Confirm authenticity through trusted avenues
- Verify identities: If someone reaches out on WhatsApp, Telegram, or Signal and claims to be a colleague or executive, verify through a channel you already know is legitimate, such as a call to a phone number from your own records or an email address you have used before. Never use a number, link, or email address supplied in the suspicious message itself, since the attacker controls those.
Use the ‘report’ and ‘block’ functions
- Built-in protections: WhatsApp, Telegram, and Signal provide built-in options to flag and block suspicious accounts.
- Contact platform support: Consider emailing support@whatsapp.com with relevant evidence if the fraud occurs on WhatsApp.
- Report to authorities: In the United States, you can also report fraudulent activity to the FBI’s Internet Crime Complaint Center (IC3).
Ensure Enforcement of Security Measures
Multi-Factor Authentication (MFA)
- Confirm MFA usage: Enable MFA on all key systems, including corporate email, any software-as-a-service (SaaS) tools, and the messaging apps themselves (WhatsApp's two-step verification PIN, for example), so that a stolen password or a SIM swap alone cannot take over an account used to contact clients.
- Secure your devices: Take MFA one step further by requiring a managed, compliant device for access to company applications and workloads, for example with Microsoft Intune device compliance enforced through conditional access policies, or an equivalent Zero Trust product.
Email Spoofing Protections
- Enhance email security: Publish and maintain SPF, DKIM, and DMARC records for the company's email domain, and move DMARC from p=none (monitor only) to an enforcing policy (p=quarantine, then p=reject); until it is enforcing, receivers still deliver mail that fails the checks. Publish records for domains that never send mail as well, so they cannot be used for spoofing.
- Utilize filters: Deploy an advanced email filtering solution to detect and block spam or phishing attempts.
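As an added illustration (not code from the original post or Drawbridge's tooling), the following Python script parses SPF, DKIM and DMARC TXT records and reports the settings that leave a domain spoofable. The records it checks are constructed sample data for a hypothetical example.com, shown first in the weak state many domains sit in and then in a hardened state; the DKIM keys are placeholder base64 of the right length rather than real keys, and the finding codes are this script's own.

```python
"""Flag weak SPF, DKIM and DMARC settings in a domain's TXT records.

Added example, not code from the original page or Drawbridge's tooling.
The records below are constructed sample data for the hypothetical domain
example.com; in practice fetch the live strings with a DNS query such as
`dig +short TXT _dmarc.example.com` and hand them to audit_mail_auth().
"""
import base64
import re

# Constructed records: the common "published once, never enforced" state.
WEAK = {
    "spf": "v=spf1 include:_spf.mailprovider.test ~all",
    "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    # 216 base64 chars decode to 162 bytes, the DER size of a 1024-bit RSA public key.
    "dkim": "v=DKIM1; k=rsa; t=y; p=" + "A" * 216,
}
# Constructed records: the same domain after hardening.
HARDENED = {
    "spf": "v=spf1 include:_spf.mailprovider.test -all",
    "dmarc": "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com",
    # 392 base64 chars decode to 294 bytes, the DER size of a 2048-bit RSA public key.
    "dkim": "v=DKIM1; k=rsa; p=" + "A" * 392,
}

# SPF terms that cost a DNS lookup; RFC 7208 allows at most 10 per evaluation.
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include:|a(?=$|[:/])|mx(?=$|[:/])|ptr|exists:|redirect=)", re.I)
POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}


def parse_tags(record):
    """Parse the 'tag=value; tag=value' syntax shared by DMARC and DKIM records."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_spf(record):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [("SPF_MISSING", "no v=spf1 record; receivers cannot reject forged envelope senders")]
    findings = []
    if sum(1 for t in terms if LOOKUP_TERM.match(t)) > 10:
        findings.append(("SPF_TOO_MANY_LOOKUPS", "over 10 DNS-lookup terms; receivers return permerror and ignore the record"))
    all_terms = [t.lower() for t in terms[1:] if t.lower().lstrip("+-~?") == "all"]
    if not all_terms:
        findings.append(("SPF_NO_ALL", "no 'all' term; unlisted senders get a neutral result"))
    elif all_terms[-1] in ("all", "+all"):
        findings.append(("SPF_PASS_ALL", "'+all' authorizes every host on the internet to send as this domain"))
    elif all_terms[-1] == "?all":
        findings.append(("SPF_NEUTRAL_ALL", "'?all' is neutral; forged mail neither passes nor fails"))
    elif all_terms[-1] == "~all":
        findings.append(("SPF_SOFTFAIL_ALL", "'~all' only softfails forged mail; receivers accept it unless DMARC is enforcing"))
    return findings


def audit_dmarc(record):
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return [("DMARC_MISSING", "no v=DMARC1 record; SPF/DKIM results are never tied to the visible From: domain")]
    findings = []
    policy = tags.get("p", "").lower()
    if policy != "reject":
        # p=none only generates reports; p=quarantine usually lands forged mail in spam instead of bouncing it.
        findings.append((f"DMARC_P_{policy.upper() or 'MISSING'}", f"policy is p={policy or '(missing)'}; forged mail is not rejected"))
    sub = tags.get("sp", "").lower()
    if sub and POLICY_RANK.get(sub, 0) < POLICY_RANK.get(policy, 0):
        findings.append(("DMARC_SP_WEAK", f"sp={sub} is weaker than p={policy}; attackers can send as any subdomain"))
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(("DMARC_PCT_PARTIAL", f"pct={pct}; the policy applies to only part of the mail stream"))
    if "rua" not in tags:
        findings.append(("DMARC_NO_RUA", "no rua= address; you receive no aggregate reports of who is spoofing you"))
    return findings


def audit_dkim(record):
    tags = parse_tags(record)
    if "v" in tags and tags["v"].upper() != "DKIM1":
        return [("DKIM_MALFORMED", "unexpected v= tag in key record")]
    key = tags.get("p")
    if key is None:
        return [("DKIM_MISSING", "no p= tag; this is not a DKIM key record")]
    if key == "":
        return [("DKIM_REVOKED", "empty p= revokes the selector; mail signed with it fails verification")]
    findings = []
    if "y" in tags.get("t", "").lower().split(":"):
        findings.append(("DKIM_TEST_MODE", "t=y testing flag; verifiers treat signature failures like unsigned mail"))
    try:
        der_len = len(base64.b64decode(key, validate=True))
    except ValueError:
        return findings + [("DKIM_BAD_KEY", "p= is not valid base64")]
    # 1024-bit RSA (162 DER bytes) is below current guidance; 2048-bit keys are 294 bytes.
    if tags.get("k", "rsa").lower() == "rsa" and der_len < 250:
        findings.append(("DKIM_SHORT_KEY", f"RSA key is only {der_len} DER bytes, i.e. 1024-bit or shorter; rotate to 2048-bit"))
    return findings


def audit_mail_auth(records):
    """Audit a {'spf': ..., 'dmarc': ..., 'dkim': ...} record set; missing keys count as unpublished."""
    return (audit_spf(records.get("spf", ""))
            + audit_dmarc(records.get("dmarc", ""))
            + audit_dkim(records.get("dkim", "")))


def finding_codes(records):
    return [code for code, _ in audit_mail_auth(records)]


if __name__ == "__main__":
    for name, recs in (("weak", WEAK), ("hardened", HARDENED)):
        findings = audit_mail_auth(recs)
        print(f"{name}: {len(findings)} finding(s)")
        for code, message in findings:
            print(f"  {code}: {message}")
```

To audit a live domain, paste the output of `dig +short TXT example.com`, `dig +short TXT _dmarc.example.com` and `dig +short TXT <selector>._domainkey.example.com` into the dictionary; the audit functions only inspect record syntax, so the script itself runs offline.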
Brand Protection & Monitoring
- Monitor your online presence: Keep tabs on unauthorized use of your firm's logo, name, or domain, including lookalike domains (misspellings, swapped top-level domains, or homoglyph substitutions) registered to impersonate it, by using brand-monitoring services.
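The lookalike-domain check at the core of such monitoring can be reproduced in a few lines. The Python below is an added example (not the page's or Drawbridge's code) that classifies observed sender domains against a brand domain: exact matches and subdomains pass, while typosquats, confusable ASCII sequences, Unicode homographs, swapped TLDs and brand-plus-keyword registrations are flagged. The brand domain `drawbridge.example`, the observed list and the confusables table are constructed placeholders; the script works on the two-label form of a domain and does not consult the public suffix list, so `co.uk`-style names need extra handling.

```python
"""Classify observed sender domains against a brand domain to catch lookalikes.

Added example, not code from the page or Drawbridge. BRAND and OBSERVED are
constructed placeholders; a real feed would come from DMARC aggregate reports,
certificate-transparency logs or new-registration watchlists.
"""
import unicodedata

BRAND = "drawbridge.example"  # hypothetical brand domain

# Constructed sender domains, mixing legitimate and impersonating ones.
OBSERVED = [
    "drawbridge.example",
    "mail.drawbridge.example",
    "drawbrigde.example",            # two letters transposed
    "dravvbridge.example",           # 'vv' standing in for 'w'
    "dr\u0430wbridge.example",       # Cyrillic 'а' (U+0430) in place of Latin 'a'
    "drawbridge.co",                 # same name, different TLD
    "drawbridge-investors.example",  # brand name plus a plausible word
    "bridgewater.example",           # unrelated
]

# ASCII sequences that read as another character at a glance (constructed, not exhaustive).
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e", "5": "s"}


def to_unicode(label):
    """Decode a punycode label (xn--...) so homographs are compared as the user sees them."""
    if label.startswith("xn--"):
        try:
            return label.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    return label


def skeleton(label):
    """Visual skeleton: lowercase, accents stripped, non-ASCII dropped, confusables collapsed."""
    s = unicodedata.normalize("NFKD", to_unicode(label).lower())
    s = s.encode("ascii", "ignore").decode()
    for bad, good in CONFUSABLES.items():
        s = s.replace(bad, good)
    return s


def osa_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent transpositions at cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def second_level_label(domain):
    """Label left of the TLD (no public-suffix handling, so co.uk-style names need care)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(domain, brand=BRAND):
    domain = domain.lower().rstrip(".")
    if domain == brand or domain.endswith("." + brand):
        return "legitimate"
    label = to_unicode(second_level_label(domain))
    brand_label = second_level_label(brand)
    non_ascii = sum(1 for c in label if ord(c) > 127)
    dist = osa_distance(skeleton(label), skeleton(brand_label))
    if non_ascii and dist <= non_ascii:
        return "homograph"      # non-Latin look-alike characters swapped into the brand name
    if skeleton(label) == skeleton(brand_label):
        return "tld_swap" if label == brand_label else "homoglyph"
    if dist <= 1 or (len(brand_label) >= 8 and dist <= 2):
        return "typosquat"
    if brand_label in label:
        return "combosquat"     # e.g. brand-investors, brand-secure
    return "unrelated"


def triage(domains, brand=BRAND):
    """Map each observed domain to its verdict."""
    return {d: classify(d, brand) for d in domains}


if __name__ == "__main__":
    for domain, verdict in triage(OBSERVED).items():
        print(f"{verdict:11} {domain}")
```

Anything other than `legitimate` or `unrelated` is worth a registrar or hosting abuse report and an entry on the firm's internal block list; the thresholds (edit distance 1, or 2 for brand names of eight or more characters) are a starting point to tune against your own false-positive rate.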
Regular Training
- Make training a continuous effort: Encourage ongoing awareness sessions so employees remain alert to new tactics.
- Encourage early reporting: Emphasize the importance of immediately reporting suspicious activity, no matter how minor it may seem.
Cyber forensic assistance
- Seek external guidance: If an impersonation evolves into a broader security incident, especially if there are indications of system compromise, external forensic teams can assist with investigation and remediation. Additionally, consider engaging your Cyber Insurance provider, as they may offer coverage for forensic analysis costs to help mitigate financial and operational impacts.
Drawbridge is here to partner with firms looking to defend against these evolving impersonation attacks or those seeking to be proactive about their security posture. If you need assistance in evaluating your current safeguards, developing a response plan, or strengthening your technical defenses, our team is ready to help. Get in touch with us to learn more about our solutions and assessments that can protect both your organization and its stakeholders from sophisticated attacks like these.
References:
- WhatsApp Help Center, “How to block and report someone”
- FBI’s Internet Crime Complaint Center (IC3), “Submit a complaint”