Female cyber pros group targeted in phishing scam

A threat actor is trying to con female cybersecurity pros into downloading malware.

The warning comes from the Canadian-based Women CyberSecurity Society (WCS2), which says someone is targeting members of the leadership team, members, and volunteers, trying to trick them into clicking on malicious links in text-based phishing messages, which is also called smishing.

“A volunteer recently reported receiving a text message claiming to be from founder Lisa Kearney citing an urgent need for help,” the warning says.

“We believe others will be targeted in such a manner and we urge you to exercise caution when interacting with emails, messages and online links from someone who you don’t know.”

The text message asked the volunteer to buy some Google certificate back codes.

One key this is a scam: The sender said they were in a meeting, could only text and asked the volunteer “to run a task urgently.”

Experts say a message asking a person to do something quickly — such as spend money, send money, or send a copy of sensitive information — should be seen as suspicious.

WCS2 believes the threat actor used LinkedIn and open-source intelligence to gather information about the organization, members, and volunteers to target them.

The group asks members to

– Verify caller identity: If you receive a call claiming to be from the Women CyberSecurity Society, ask for the caller’s name and contact information. Hang up, independently verify the information through official channels, and call back using a published contact number;

– Do not click on suspicious links: Avoid clicking on any links received through phone calls, voicemails, or text messages, especially if the communication seems unexpected or unusual;

– Report suspicious activity: If you receive any communication that seems suspicious or if you believe you have been targeted, please report it immediately to WCS2’s security team;

– Use security software: Install and regularly update security software on your mobile device, desktop, laptops and tablets to help detect and prevent smishing attacks.

– Educate yourself: Stay informed about common phishing tactics and be cautious when receiving unexpected messages, even if they appear to be from familiar sources.

WCS2’s next event is Jan. 30, when it will host a two-hour webinar on how to start a new career in cybersecurity.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including ITBusiness.ca. Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs