Our KSRC (Karen IT Security Response Center) team recently dealt with a persistent scam that highlights the boldness of cyber criminals. Here's the exact story as it unfolded.

The story begins with our employee creating a LinkedIn account. The scammers, from LinkedIn, obtained the employee's name and also found out name of the CEO. Then, they sent emails to [email protected] (where "name" refers to the employee's name).

Since this username didn't exist at all, and our KSRC team had set up a catch-all domain for threat identification, we encountered these sent emails.

In the first email, they simply tried to get the employee's WhatsApp number. But in subsequent messages, they sent new emails with the CEO's name (for example, creating an email with username [email protected] but the sender name was the CEO).

When our KSRC team observed this, we decided to continue the story. We created a virtual number and sent it to them. They created an account with a UK virtual number, using the CEO's name and Karen IT logo as the profile picture, and messaged.

They, posing as the CEO, requested from the victim: "I have a confidential mission for you, go to Carrefour and buy dollar-denominated Apple gift cards" (now, how they chose the target and were looking for U.S. Apple gift cards in the Emirates is interesting).

 

 

We continued for a few messages and then got tired and ended it, and they blocked us.

 

Was this the end of the story? No, they sent various emails again, repeating the same method and spoofing the name, and all accounts were Gmail. Today, we sent them a number again, and again a new account with the CEO's name and UK number messaged us, and again requested gift cards, this time from the nearest store.

 

We played with them a bit and also sent them a Carrefour photo and said Apple gift cards were out of stock, we need to go to another branch, but they were so insistent that they requested a photo of the available gift cards so we could at least make a purchase. We ended the game.

 

It's interesting why they decided to message a cybersecurity company like this and thought we'd become victims, and even more interesting that they repeat the same method and message again. We reported this issue to Google and WhatsApp but observed no action from them. In the end, we remind you to always be aware, cyber criminals are lurking.

 

STAY ALERT, STAY INFORMED, STAY PROTECTED!