Employees of the Cyberpolice of the Ministry of Internal Affairs of Russia have recorded an increase in fraudulent schemes using fake work chats. Attackers imitate internal correspondence of companies in order to steal confirmation codes and gain access to personal data and services of employees.
The Department of the Ministry of Internal Affairs for organizing the fight against illegal use of information and communication technologies reported that criminals are preparing for attacks in advance. They collect information about the victim's team from open sources and social networks, study names, positions and work connections.
After that, the scammers create a fake chat, where they add one real employee and several bots. Accounts are created under the names of colleagues, using real photos and copying the style of business communication.
Next, a message appears in the correspondence allegedly from the head or responsible employee. In it, participants are given a "service task." Most often, employees are asked to urgently transfer the confirmation code for "digitizing the archive," updating the system, or checking access.
Bots begin to actively support the request, confirm each other's actions, and demonstrate "loyalty" to the leadership. In this way, attackers create psychological pressure and push the victim to fulfill the requirement.
The cyberpolice recommend not to transmit codes and passwords via messengers, to check such requests through official communication channels, and to report suspicious chats to the security service and law enforcement agencies.
