Morocco’s National Social Security Fund (CNSS) issued on October 5th an official statement alerting individuals about the danger of disclosing their personal information with unreliable sources, as it can be exploited for fraudulent purposes.
The statement included that CNSS “disassociates itself from individuals who have contacted a number of citizens impersonating representatives of the fund, demanding their banking information.”
In this regard, CNSS has pledged to closely monitor and investigate all the individuals involved in such fraudulent schemes and promised to take all necessary legal actions against them.
“The fund urges all its beneficiaries to verify the credibility of any news related to it or concerning their relationship with it, by following its official website and its official pages on social media platforms,” according to the same statement.
The fund called its beneficiaries to stay vigilant as well as cautious and protect their personal information from potential misuse, namely fraudulent activities.
Recently, Morocco has been witnessing a surge in targeted cyber-attacks and digital scams, including a recent phishing campaign honing in on customers of a telecom operator, leading many to question wether a large Moroccan company or institution has been breached.
Victims receive messages from someone claiming to be the CEO of a multinational company recruiting in Morocco, offering alluring salaries and job opportunities.
One of the recipients got a message from a phone number registered in America saying, “Hello, my name is Fatemeh Hassan, Human Resources Manager at Optimizer Digital Marketing Agency. We have a freelance job offer for you. Can I have a few minutes of your time to discuss the position details and benefits with you?”
Another sample included, “My name is Maryam, Human Resources Assistant at OMD Advertising Marketing Group.”
These kinds of messages are designed with malicious intent, aiming to extract personal information, launch financial scams, or gain unauthorized access to accounts.
Cybercriminals manipulate victims into clicking on links that lead to fraudulent ‘human resources services pages, when personal information, especially banking information, is extracted.
Many victims reported unauthorized withdrawals or purchases from their bank accounts and others were asked for money under the pretext of visa or employment feeds.
Most deceptive messages operate from European countries and the United States, however, there are some cases of fraud messages coming from Asia.
One of the recipients got a message from a number registered in Myanmar, saying “I am an agency from Instagram. You just need to like and screenshot. I will pay you a commission.” The message was written in very poor Arabic, making it obvious it was a scam.
Another message was sent from an Indonesian registered phone number, stating, “Greetings, my name is Mrs. Khadija, Director of Human Resources at. Can I have a few minutes of your time?”
Not only are individuals targeted in the phishing campaign, but also businesses. Nearly 40% of small and medium-sized businesses (SMEs) in Morocco consider themselves vulnerable to cyber risks.