Cyber Security experts PureCyber has seen an increase in reports of sophisticated, fraudulent WhatsApp messages. As employers and employees in the legal sector frequently communicate on the popular application – particularly in terms of organising social events, charity fundraisers and more – we asked our Cyber Partner to provide a timely update on the scams and tips to stay secure.

Scammers are tracking down employees’ personal details and impersonating business leaders.

WhatsApp scams are nothing new, but they are becoming more sophisticated. Scammers use the names and photos of senior business leaders to pressure employees.

How the scams work

Largely aimed at deceiving employees, the scams exploit trust and authority to trick people into making mistakes that can be costly to businesses and individuals.

• Number sourcing: Individual details and phone numbers found in online databases.
• Impersonation: Scammers use names and photos of top executives, like CEOs or MDs
• Urgency: The message usually requests fast action
• Pressure & plausibility: The request adds pressure to help out or solve a problem

Common tricks & requests

Scammers will employ many manipulation tactics to prompt a quick response – asking for everything from gift cards to large sums of money, for example:

“I need a gift card for a client ASAP”

“Could you send the money to secure a deal immediately?”

“I’m travelling and can’t access expenses”

“Could you install this app/software and help me out?”

 

Real life impact

In November 2024, a Cardiff-based accountant was recently a victim of a targeted WhatsApp scam that saw her lose thousands.

Tracey Watkins was contacted by an ‘investment firm’ on WhatsApp. The messages encouraged her to install screen-sharing software to assist them in managing her investment.

This enabled the scammers to view all personal and financial details on the phone. In addition to draining funds from Tracey’s accounts, loans were also taken out in her name.

Not all approaches will look the same, and it’s important to remain vigilant against unexpected requests and unrealistic offers.

How do you protect yourself?

• Verify the sender: Use another known channel to contact the person and confirm any unexpected requests
• Payment processes: Create and follow verification processes when any form of payment is requested or bank details changed
• Limit information sharing: Avoid sharing personal or professional contact details publicly
• Education and training: Regular awareness sessions in workplaces improve recognition of phishing and other scams

What should you do if you’re targeted?

• Do not respond in any way to the scammer
• Report the message to your security team or IT department
• Make colleagues and friends aware that you’ve been targeted to help prevent further attacks

More cyber security resources