Financial services firms are being urged to stay vigilant as reports emerge of executives and employees being impersonated in WhatsApp scams that have led to significant financial losses for investors.
ACA, a provider of scalable compliance, risk and technology solutions, recently delved into the topic and why firms should be on high alert for similar attacks.
The incidents involve fraudsters posing as senior members of their organisations and targeting a combination of existing clients, potential clients, and employees. These impersonators leverage publicly available information, often sourced from social media, to establish credibility before requesting payments for services, soliciting banking details for supposed refunds, or demanding sensitive corporate information.
While it remains unclear whether these incidents are isolated or part of a larger coordinated campaign, financial institutions are being advised to heighten their security measures to counter the growing threat of impersonation fraud.
Growing threat of impersonation attacks
Although impersonation scams are not a new phenomenon, they have surged since late 2024, with fraudsters increasingly incorporating phishing links to extract personal and financial data. The rise in the use of encrypted messaging apps, such as WhatsApp and Telegram, has made it more difficult to verify identities, further enabling cybercriminals to exploit unsuspecting victims.
Despite the challenge in preventing such attacks entirely, financial firms can take proactive measures to mitigate risks and safeguard their clients, employees, and reputations.
Steps to protect against impersonation scams
- Raise awareness among employees and clients – Firms should educate clients and staff on legitimate communication channels and outline clear steps to follow if they receive suspicious messages. Best practices include:
  - Avoid responding to unsolicited messages received via unapproved channels.
  - Verify communications by reaching out to the firm through official contact details.
  - Be cautious of any urgent requests for payments or sensitive information.
  - Report suspected scams to law enforcement immediately.
- Include impersonation attacks in incident response planning – Firms should incorporate protections against impersonation scams into their cybersecurity plans. This includes leveraging tools and services capable of detecting and taking down fraudulent sites and accounts. Additionally, companies should have clear protocols for reporting these incidents to law enforcement and relevant regulatory bodies.
- Monitor regulatory guidance – Regulators have issued guidance on how firms should respond to impersonation attacks. The Financial Industry Regulatory Authority (FINRA), for example, has provided recommendations to help firms counter attempts to impersonate its staff.
Cybersecurity solutions to enhance protection
ACA Aponix® offers a range of cybersecurity solutions designed to strengthen firms’ defenses against cyber threats, including impersonation attacks:
- Aponix Protect™ – A cybersecurity and risk management solution that helps firms develop comprehensive protection tailored to their business needs.
- ACA Vantage for Cyber – A monitoring tool that provides cyber health insights for portfolio companies by integrating advisory services, ComplianceAlpha® technology, and RealRisk assessments to mitigate threats.
- Aponix Business Continuity Plan (BCP) Assessment – A solution that evaluates an organisation’s preparedness for disruptions, identifying critical business functions, assessing potential risks, and providing actionable recommendations to enhance resilience.
Copyright © 2025 FinTech Global