Female cybersecurity pros face smishing threats; WCS2 advises caution. Urgent scam warning against clicking suspicious links. (IT World Canada)
The Women CyberSecurity Society (WCS2) based in Canada has issued a warning about a concerning trend targeting female cybersecurity professionals. An unidentified threat actor has been attempting to deceive members of the leadership team, volunteers, and other members into downloading harmful software by utilizing text-based phishing, commonly known as smishing.
The cautionary alert stemmed from a recent incident involving a volunteer who received a text message purportedly from the organization's founder, Lisa Kearney. The message claimed an urgent need for assistance, signaling a potential scam tactic used to manipulate individuals into clicking on malicious links.
Highlighting the suspicious nature of the communication, the text requested the volunteer to purchase Google certificate back codes. Notably, the sender emphasized urgency by stating their inability to communicate via a call due to being in a meeting, thereby pressuring the volunteer to fulfill the task promptly.
Security experts emphasize that urgent requests demanding immediate action, particularly those involving financial transactions or sharing sensitive information, should raise suspicion and caution among recipients.
WCS2 suspects that the threat actor gathered information about the organization, its members, and volunteers through platforms like LinkedIn and open-source intelligence to specifically target them.
In response to these targeted attacks, WCS2 has advised its members to take several precautionary measures, including verifying the identity of callers claiming association with the society by independently confirming their details through official channels before responding. Additionally, members are urged to refrain from clicking on any suspicious links received via calls, voicemails, or texts, especially those that appear unexpected or unusual.
The society also encourages prompt reporting of any suspicious activities or suspected targeting incidents to their security team for immediate action. Moreover, installing and consistently updating security software across various devices is recommended to detect and prevent smishing attacks.
Lastly, WCS2 emphasizes the importance of ongoing education and awareness about common phishing strategies. Members are advised to exercise caution when receiving unexpected messages, even if seemingly from familiar sources, to mitigate the risk of falling victim to such deceptive tactics.
