Scams and impersonations are constantly evolving. Attackers take advantage of publicly available data and, through social engineering, manage to carry out fast, cheap, and highly effective fraud.
Executives (CEO, CISO, CFO, VP) are top-priority targets for social engineering and 👉all types of phishing. Before launching an attack, threat actors collect large amounts of publicly accessible information: emails, phone numbers, calendars, travel details, photos, suppliers, assistants, technologies in use, relatives, and even credentials. We call this the OSINT footprint.
The attacker’s first goal is to earn your trust. While doing so, they validate and cross-check data from open sources such as:
- SOCMINT (social media intelligence),
- IMINT (imagery and metadata),
- GEOINT (geolocation, events, travel),
- FININT (financial and payment traces).
Common scams include:
- New boss/supplier number: request to change the bank account “just for today.”
- Urgency + confidentiality: “don't tell anyone”, “resolve this immediately”.
- Impersonation with real details: mentioning your hotel, event, or meeting (taken from social media).
- 6-digit codes / QR tricks: attempts to hijack WhatsApp or authorize payments.
- Audio/video (sometimes AI-generated deepfakes) used to reinforce credibility.
- Fake groups with “colleagues” and “suppliers” (bots) supporting the scam narrative.
Recent scams observed in Colombia and Latin America:
- The first scheme is a financial fraud modality known as the “M&A Worldwide Scam”, previously reported by our cyber-intelligence service Cattleya. In this attack, cybercriminals impersonate senior executives (e.g., CEO/CFO) to induce transfers, request bank account changes, and obtain payment approvals outside protocol, primarily through WhatsApp numbers with stolen photos of the impersonated individuals.

- The second scheme is impersonation assisted by “bots” for data extraction. The attack begins with a phone call where the actor poses as a financial advisor and warns of transactions in a different city than that of the account holder. Using real data previously collected to build trust, they then redirect the victim to a supposed “official bank chatbot” on WhatsApp. There, they request OTP, codes, credentials, card data, or redirect to phishing sites, completing the fraud.
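
The red flags listed above (account change, urgency plus confidentiality, code requests, a new number) can be combined into a first-pass triage rule for inbound messages. This is an added example, not Cattleya's code: the regexes, weights, thresholds and the `known_senders` directory of verified contacts are assumptions, and the sample messages are constructed.

```python
import re
from dataclasses import dataclass

# Red flags from the scam list above. Regex wording and weights are
# assumptions chosen for this example, not values from the article.
RULES = {
    "bank_change": (3, r"\b(new|change[ds]?|updat\w+)\b.{0,40}\b(bank )?account\b"),
    "urgency": (1, r"\b(urgent(ly)?|immediately|right now|just for today|asap)\b"),
    "secrecy": (2, r"\b(don['’]?t tell|do not tell|confidential)\b"),
    "code_request": (3, r"\b(6[- ]digit|otp|verification code|scan (this|the) qr)\b"),
    "new_number": (1, r"\b(new|other|personal) (number|phone|whatsapp)\b"),
}

@dataclass
class Verdict:
    score: int
    flags: list
    action: str

def triage(text, sender, known_senders):
    """Score one inbound message; known_senders holds numbers already verified."""
    lowered = text.lower()
    flags = [name for name, (_, rx) in RULES.items() if re.search(rx, lowered)]
    score = sum(RULES[name][0] for name in flags)
    if sender not in known_senders:
        # A correct name or photo proves nothing; only the number on file counts.
        flags.append("unknown_sender")
        score += 2
    if {"urgency", "secrecy"} <= set(flags):
        # The "urgency + confidentiality" pairing is a stronger signal than either alone.
        score += 2
    if score >= 5:
        action = "hold: verify by calling a number already on file"
    elif score >= 3:
        action = "review"
    else:
        action = "allow"
    return Verdict(score, flags, action)

# Constructed sample data (placeholder numbers, invented message text).
KNOWN = {"+57-000-000-0002"}
CEO_FRAUD = ("Hi, this is my new number. I need you to change the bank account "
             "for the supplier payment, just for today. Don't tell anyone, "
             "resolve this immediately.")
FAKE_BOT = ("Official bank chatbot: to block the transaction, "
            "send the 6-digit code you just received.")
BENIGN = "Attaching the agenda for Thursday's meeting."

if __name__ == "__main__":
    for msg, who in [(CEO_FRAUD, "+57-000-000-0001"), (FAKE_BOT, "+57-000-000-0003"),
                     (BENIGN, "+57-000-000-0002")]:
        print(triage(msg, who, KNOWN))
```

A keyword score like this only routes messages to a human check; the control that stops the fraud is still the call-back to a number already on file before any payment or account change.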

When facing a possible scam, the main question is: how did they get my data? Remember, scammers often come armed with real information about the victim (job title, schedule, suppliers, family) to build credibility. The key is to reduce your exposure level on social media and online.
Quick recommendations:
- Privacy on social media: control who can see your posts, photos, and contact list.
- Search for your own footprint (“Google dorking”):
  - Search for your name and job title in quotes: “Name, Lastname” AND “Company”. Also search your alias, email, and phone number.
- Check if your ID appears in public documents and, if possible, request removal.
- Avoid posting sensitive information online: no desk photos, screens, QR codes, itineraries, or visible documents.
- Don’t reuse the same alias/username across platforms; vary usernames and, ideally, emails for registrations.
- Use a password manager (KeePassXC) and update all accounts periodically.
- Check if your emails appear in data breaches (Have I Been Pwned) and change any reused password. Enable 2FA/MFA and review active sessions and connected apps.
👉At Cattleya, we provide VIP Monitoring, an exclusive service for executives and high-profile individuals that measures and reduces their public footprint and impersonation risks.
We continuously analyze open sources centered on the individual:
• Social networks
• Messaging apps (public indicators)
• Mentions in media/forums
• Audiovisual content (photos and videos)
Our goal is to identify sensitive data (routines, locations, close circles, aliases, communication styles) that can be exploited in fraud.
For each executive, we generate a personalized exposure report and risk list (identities/aliases, social networks, credentials). We deliver tailored recommendations, immediate alerts for critical events such as information leaks, and a monthly progress report showing exposure reduction.
Monitor your digital assets in real time. Get results from day one: stay ahead of fraud, impersonation, data leaks, and malicious activities across the Clear, Deep, and Dark Web with the platform that 👉protects leading brands in the financial sector.

