A threat actor is trying to con female cybersecurity pros into downloading malware.
The warning comes from the Canadian-based Women CyberSecurity Society (WCS2), which says someone is targeting members of the leadership team, members, and volunteers, trying to trick them into clicking on malicious links in text-based phishing messages, which is also called smishing.
“A volunteer recently reported receiving a text message claiming to be from founder Lisa Kearney citing an urgent need for help,” the warning says.
“We believe others will be targeted in such a manner and we urge you to exercise caution when interacting with emails, messages and online links from someone who you don’t know.”
The text message asked the volunteer to buy some Google certificate back codes.
One key this is a scam: The sender said they were in a meeting, could only text and asked the volunteer “to run a task urgently.”
Experts say a message asking a person to do something quickly — such as spend money, send money, or send a copy of sensitive information — should be seen as suspicious.
WCS2 believes the threat actor used LinkedIn and open-source intelligence to gather information about the organization, members, and volunteers to target them.
The group asks members to
– Verify caller identity: If you receive a call claiming to be from the Women CyberSecurity Society, ask for the caller’s name and contact information. Hang up, independently verify the information through official channels, and call back using a published contact number;
– Do not click on suspicious links: Avoid clicking on any links received through phone calls, voicemails, or text messages, especially if the communication seems unexpected or unusual;
– Report suspicious activity: If you receive any communication that seems suspicious or if you believe you have been targeted, please report it immediately to WCS2’s security team;
– Use security software: Install and regularly update security software on your mobile device, desktop, laptops and tablets to help detect and prevent smishing attacks.
– Educate yourself: Stay informed about common phishing tactics and be cautious when receiving unexpected messages, even if they appear to be from familiar sources.
WCS2’s next event is Jan. 30, when it will host a two-hour webinar on how to start a new career in cybersecurity.