The Telangana Cyber Security Bureau (TGCSB) has issued a warning to corporate offices and IT firms about a rise in sophisticated impersonation scams targeting financial personnel. These scams involve cyber criminals posing as high-ranking executives, such as company chairpersons and CEOs, using platforms like WhatsApp, email, and SMS to trick accounts officers into transferring large sums of money for supposed urgent business needs.
One recent case involved an accounts officer who received a WhatsApp message from an unfamiliar number displaying the profile picture of the company’s CMD. The sender claimed to be the executive and asked the officer to update their contact information. Soon after, the scammer requested an immediate fund transfer for a purported critical project. Believing the request to be legitimate, the officer transferred a significant amount, only to later discover that it was a fraudulent scheme.
In other incidents, phishing emails from fake or similar-looking addresses have been used to falsely claim changes in the company’s bank account details, prompting the rerouting of transactions. These fraudsters are adept at replicating the language, visual elements, and communication style of authentic corporate communications, enabling them to bypass standard security measures and directly target the accounts department.
To combat these scams, the TGCSB has recommended that companies strengthen their internal controls and implement rigorous verification procedures. It is crucial for any financial directives received through digital channels to be verified via direct voice contact with the alleged sender before initiating any transactions. Additionally, organisations are urged to establish multi-tier approval processes and conduct regular training sessions for employees in departments like finance, accounts, HR, and administration.
By taking these proactive measures, businesses can reduce the risk of falling victim to impersonation scams and safeguard their financial assets. The TGCSB’s advice serves as a timely reminder for corporate entities to remain vigilant and prioritize cybersecurity measures to protect against evolving digital threats.