Fraud? Attack on IT companies

83 years have passed, but the poster remains relevant

83 years have passed, but the poster remains relevant

It all started like everyone else, the director supposedly writes, he’s trying to find out something about the team and… and that’s all.

No “FSB/MVD/HOA captains” called, no one accused me of treason, and there was no suspicious activity on the accounts.

I am writing, of course, based on the publication Fraudsters. The vector of an attack on IT specialists via LinkedIn (even the preview picture is the same – but this is already a classic), when I read it, at first I thought: “oh, this is just our case, I wonder what it was,” but then I realized that the case was not entirely ours, but I still didn’t understand what it was. Therefore, I will describe how everything happened, maybe we encountered some problems, maybe we have some thoughts.

And it was like this…

Somewhere at the end of last year, 2023, the pseudo CEO wrote to some employees (I am NOT one of them) in Telegram.

It is characteristic that all the employees to whom they wrote have been working in the company for a long time, at least 4 years, i.e. If a data leak occurred, then it’s not a fact that no one wrote to employees who were hired relatively recently yesterday.

The unexpected appearance of two directors at once in a telegram is suspicious, especially since he is sitting in the next office and you can go in to discuss, someone did just that with the words: “look, you are writing to me now and not writing at the same time.”

It immediately became clear that these were scammers; it was not clear what they wanted. And they asked about job satisfaction, for example: “do you have any difficulties?”, “do you like your work?”, “maybe there are any wishes?”, “is everything satisfied with you?” Such questions are about everything and nothing in particular.

At the end, the scammer said that the company is expecting an audit, inspectors and auditors will come, perhaps they will write to you – provide assistance. We have already prepared that now the captain-majors of justice, and perhaps a whole general from the infantry, will start writing, but nothing happened.

It all happened again at the beginning of this year, 2024, but the “director” wrote to other people, this time, including me.

What is characteristic here is that, again, all these people have been working for a very long time, and that over these few months the whole company has already managed to discuss last year’s strange scammers.

He asked if I had any conflicts at work.

My colleagues and I are composing an answer

My colleagues and I are composing an answer

Someone did not communicate with them, immediately sent them to the black list, but I was wondering how this could end, whether there would be development, in general, it was necessary to somehow not scare them off, i.e. answer in a matter-of-fact manner, and so that nothing is clear.

Someone suggested quoting a cartoon about Masyanya, well, you get the idea:

Hello… Who is this? Director? Fuck you, director, no time for you right now.

So that it is immediately clear who the conflict is with and no more stupid questions are asked.

... not up to you right now

… not up to you right now

Well, this was too obvious a hint that I realized that I was not talking to the director, so I simply answered that there were no conflicts, and also clarified whether I meant only those who were still alive. Ostensibly a joke, to dilute a supposedly serious conversation.

That's all, the scammer deleted the chat and didn't write anymore.

What was it?

And most importantly, who was it? And where did the leak come from? What did you want?

Customer

Maybe this is a potential or current customer (the company is engaged in custom software development), trying to understand what kind of team we have, and whether we will close in two days due to internal conflicts?!

The leak, in this case, could have come from some kind of competitive application (possibly even a very old one, since there are no new employees on the list of “interviewees”).

Well, this is strange, you can just find out the history of the company, and draw a conclusion from this, especially since they wrote to employees who have been working for a long time, since they worked for so long, why did they suddenly suddenly change their minds and break up?!

Competitors

Alternatively, in order to find out “xy from xy”, it can lure away the dissatisfied. But again, it’s strange to look for “dissatisfied” people among those who have been working for a long time; it is clear that everything can change unexpectedly, but with these people they have obviously learned to find compromises.

Another thing is that I know someone who has been working for a long time, and it looks strange to me, but they, those who write, may not know this.

Former employees

In this case, it’s clear where the leak comes from, it’s clear why they write only to those who have been working for a long time – they don’t know anything about the rest. It's not clear why? What's the point if they want to invite you because of positive memories of working together, they would immediately write: “How are you? Come join us!”

The version is convenient – it explains a lot, except the most important thing.

Founders

Well, you never know, we decided to find out how things were going in their company. In this strange way, on behalf of the director: if they suspect that employees may be hiding something from the founders, then why did they decide that they would be frank with the director?!

It’s clear where they got their contacts, it’s unclear why they limited themselves to only them, although they could potentially reach everyone.

And why do they write so recklessly to people who are sitting in the office next to the director’s and can simply come to him?

Auditors

If someone hires auditors, then the data could be provided to them, although it’s ugly – that’s why it’s apparently encrypted.

And it is not clear why auditors need this; they should be more interested in accounting, and not in conflicts in the team. Maybe the idea is that those “who have a tooth” can tell in which closet the skeletons are hiding…

Talkativeness test

One of his friends decided to try to talk to everyone and determine which of his colleagues is the most carefree and chatty, and who has his mouth shut.

But then it’s unclear why a second pass was needed, because when they just started writing, the whole team immediately knew that some strange people were asking strange questions – there was no point in continuing. And from the very beginning there was no point in writing to those who would notice that there were suddenly two chats with the director.

True scammers

About half a year has passed since the first messages, if this is a standard divorce with accusations of violating the constitution, then somehow they started very far away and are playing for the long haul. Do scammers really have such a long planning horizon?!

?

Actually, I don’t have any plausible versions, it’s clear that someone wants to get some information out of deception. It’s not clear to me what use it is.

Have you ever encountered anything similar? Do you have any ideas about why this is?

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *