Cybersecurity Incidents and Alerts: Supply Chain Attacks, WhatsApp Frauds, Ransomware and More (April 2026)

The past few days have seen a surge in high-impact cybersecurity incidents, ranging from sophisticated supply chain attacks to large-scale financial frauds and ransomware breaches. This article delves into these threats, providing expert recommendations and references to original reports.

Financial Frauds: WhatsApp Scams and Interstate Cyber Gangs

Hyderabad police warned of a new WhatsApp fraud targeting corporate executives (CEOs, CFOs, accountants). The scam begins with phishing emails containing malware links, which grant attackers remote access to victims’ systems. Fraudsters then exploit active WhatsApp Web sessions to send urgent payment requests from compromised executive accounts, often siphoning crores of rupees into fraudulent accounts.

The scam highlights the vulnerabilities in corporate communication systems, particularly active WhatsApp Web sessions, which cybercriminals can easily exploit. It combines phishing, malware installation, and social engineering to deceive employees into making unauthorized transfers. Implementing multi-person approval for transactions and disabling WhatsApp Web auto-login can mitigate such risks. These scams are part of a broader trend of financial fraud targeting businesses, so organizations need to stay vigilant and adopt robust cybersecurity measures.

Modus Operandi:

  1. Phishing email → malware installation → system compromise.
  2. Exploit WhatsApp Web sessions to impersonate executives.
  3. Pressure employees with fake urgency (e.g., “in a meeting, transfer funds immediately”).

Advisory:

  1. Verify all payment requests via direct phone calls.
  2. Log out of WhatsApp Web after use.
  3. Install firewalls/antivirus and conduct cybersecurity training.

See the original article here.
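
The advisory's controls (phone verification and multi-person approval) written as a payment-release check. This is an added example, not part of the original article or the police advisory; the channel labels, field names and urgency phrases are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Channels where a hijacked session can speak as the executive (assumed labels).
CHAT_CHANNELS = {"whatsapp", "telegram", "sms"}
# Constructed pressure phrases, modelled on the wording quoted in the article.
URGENCY_MARKERS = ("immediately", "urgent", "in a meeting", "right now")


@dataclass
class PaymentRequest:
    requester: str                   # account the message appears to come from
    channel: str                     # how the request reached finance
    message: str
    approvers: set = field(default_factory=set)
    callback_verified: bool = False  # confirmed by phone on a directory number


def release_blockers(req: PaymentRequest, min_approvers: int = 2) -> list:
    """Return the reasons a transfer must not be released; empty means release."""
    blockers = []
    # The requester may be an attacker-controlled session, so it never counts.
    independent = {a for a in req.approvers if a != req.requester}
    if len(independent) < min_approvers:
        blockers.append("needs %d independent approvers, has %d"
                        % (min_approvers, len(independent)))
    text = req.message.lower()
    urgent = any(marker in text for marker in URGENCY_MARKERS)
    # Chat-borne or pressured requests require an out-of-band phone callback.
    if (req.channel.lower() in CHAT_CHANNELS or urgent) and not req.callback_verified:
        blockers.append("phone callback to directory number not completed")
    return blockers


# Constructed sample: message sent from an executive's hijacked WhatsApp Web session.
hijacked = PaymentRequest(
    requester="cfo", channel="whatsapp",
    message="In a meeting, transfer funds immediately",
    approvers={"cfo", "accountant1"},
)
# Constructed sample: the same payment after the advisory's checks were followed.
verified = PaymentRequest(
    requester="cfo", channel="whatsapp",
    message="In a meeting, transfer funds immediately",
    approvers={"accountant1", "controller"}, callback_verified=True,
)

if __name__ == "__main__":
    print(release_blockers(hijacked))
    print(release_blockers(verified))
```

The callback flag should only be set after calling a number taken from the company directory, never one supplied in the message itself.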

Ghazipur Police arrested three members of an interstate cyber gang operating ‘Crown Pay’, which defrauded victims via Telegram-based investment scams. The group:

  1. Lured victims with fake trading/gaming offers.
  2. Opened 700 mule accounts using forged Aadhaar/PAN details.
  3. Routed Rs 67 crore through crypto platforms (e.g., Binance).
  4. Used APK-based OTP interceptors to automate fraud.

Arrested Accused:

  1. Rishiraj (diploma engineer)
  2. Rohan Kumar (ex-DRDO contractor)
  3. Sachin Singh (postgraduate)

The gang earned Rs 4.25 crore collectively, with funds laundered via crypto wallets. The MHA and UP Cyber Crime HQ were alerted due to the pan-India scale. See the original article here.

A 42-year-old man in Thane lost Rs 71.1 lakh to fraudsters posing as CBI officers. The scam unfolded as follows:

  1. Initial call from a fake TRAI official accusing the victim of sending “abusive messages.”
  2. Handed over to fake CBI/ED officers who sent forged Supreme Court documents.
  3. Extorted money in phases under the pretext of “settling the case.”

The fraud was exposed when the victim’s wife verified the documents and found discrepancies. A case was registered under the IT Act at Tilak Nagar Police Station. See the original article here.

Threats and frauds continue to escalate.

Ransomware and Data Breaches

Germany’s Die Linke political party confirmed a ransomware attack by the Qilin group, resulting in the theft of 1.5 terabytes of data, including internal communications and personal data. The party notified data protection authorities and law enforcement, engaged forensic specialists to scope the breach, and began notifying affected individuals.

This attack follows a trend of ransomware groups exfiltrating data before encryption to increase leverage. The Qilin group, known for high-impact attacks, listed Die Linke on its dark web portal, adding pressure. See the original article here.

The breach underscores the need for organizations to distinguish between confirmed data exposure and assumed critical-system compromise. Lessons for CISOs include:

  • Prepare for leak-site pressure and prioritize early regulatory coordination for GDPR compliance.
  • Isolate backups and test incident response plans for leak-site scenarios.

For more insights on data breaches and mitigation strategies, refer to .

Public Advisories and Preventive Measures

Rajasthan Police issued an advisory against handing unlocked phones to strangers, citing a rise in call-forwarding scams at public places. Fraudsters use victims’ phones to divert OTPs via USSD codes (e.g., *#21#). They install spyware/keyloggers and extort contacts. Preventive steps include dialing *#21# to check call-forwarding status, using biometric/PIN locks for payment apps, and reporting fraud to 1930. See the original article here.

Final words

Cybersecurity threats continue to evolve, impacting both individuals and organizations. It is crucial to stay informed and implement robust preventive measures to mitigate risks. Regular audits, multi-factor authentication, and employee training are essential. For more information, visit cybercrime.gov.in.
