Hyderabad: The Telangana Cyber Security Bureau (TGCSB) has issued a crucial advisory to corporate and IT companies, alerting them to a rise in impersonation scams targeting finance and accounts personnel.
Cybercriminals leveraging Whatsapp, email, SMS
Cybercriminals are leveraging platforms such as WhatsApp, email, and SMS to pose as senior executives, including Chief Managing Directors (CMDs) and Chief Executive Officers (CEOs), in order to deceive employees into transferring large sums of money.
These scams often exploit the trust employees have in their leadership by mimicking their communication style and using familiar names or profile pictures.
In a recent incident, an accounts officer received a WhatsApp message from an unknown number that displayed the CMD’s profile picture.
The message instructed the officer to save the new number and urgently transfer funds to a specified bank account for a project.
Trusting the request due to the recognizable profile picture, the officer transferred a significant amount of money. However, the scam was uncovered when the CMD received a bank notification on their actual phone number, prompting the realization that the company had been defrauded. The incident was subsequently reported to authorities.
These scams often create a false sense of urgency: TGCSB
The TGCSB has highlighted that these scams often create a false sense of urgency to manipulate employees into acting quickly without verifying the authenticity of the requests.
Additionally, phishing emails from fake addresses claiming changes in bank account details have also been reported.
The bureau has urged companies to exercise caution when receiving financial instructions through digital channels and emphasized the importance of voice verification or direct confirmation from senior executives before proceeding with high-value transactions.
TGCSB recommends multi-level approvals
To combat these threats, TGCSB recommends implementing robust internal controls and multi-level transaction approvals within organizations.
It also advises training employees, particularly those in the Accounts and Finance departments, on identifying potential scams and responding appropriately.
Companies are encouraged to report suspicious communications or fraudulent incidents immediately by calling 1930 or visiting www.cybercrime.gov.in.
The director of TGCSB stressed the need for heightened vigilance against these sophisticated cyberattacks, which often exploit compromised employee contact details and familiar names to gain trust.
By verifying all financial transactions through official channels and fostering awareness among employees, organizations can significantly reduce their vulnerability to such scams.
