Webwyrm Scam Unleashes Worldwide Havoc: Over $100 Million Extorted

Elaborate Spoofing Campaign Targeting Thousands of Victims

Dubbed as “Webwyrm,” this campaign is believed to have been in operation since late 2022. However, it gained significant momentum early this year as the threat actors refined their tactics.

The range of impersonated brands spans more than 10 industries, with the threat actors enticing victims with counterfeit job offers via social media, particularly on encrypted messaging service WhatsApp. CloudSEK’s report suggests that the threat actors might be using data from recruitment portals to tailor their schemes.