Officers of the cyber police of the Russian Ministry of Internal Affairs have recorded a rise in fraudulent schemes involving fake work chats. Attackers imitate internal company correspondence in order to steal confirmation codes and gain access to employees' personal data and services.
The Directorate of the Ministry of Internal Affairs for Organizing the Fight Against the Illegal Use of Information and Communication Technologies reported that criminals prepare for attacks in advance. They gather information about the victim's team from open sources and social media, studying names, positions, and working relationships.
After that, the scammers create a fake chat, adding one real employee and several bots. The accounts are set up under colleagues' names, use real photographs, and copy the style of business communication.
Next, a message supposedly from a manager or responsible employee appears in the correspondence. It assigns participants an "official task." Most often, employees are urgently asked to provide a confirmation code for the "digitization of the archive," a system update, or an access check.
The bots begin actively supporting the request, confirming each other's actions and demonstrating "loyalty" to management. In this way, the attackers create psychological pressure and push the victim to comply with the demand.
The cyber police recommend not sharing codes and passwords through messengers, verifying such requests through official communication channels, and reporting suspicious chats to the security service and law enforcement agencies.