top of page
Culture Gem Logo

From WhatsApp to Work Emails: The Rise of Personalised Phishing Attacks

12 minutes ago2 min read

Phishing scams used to be easy to spot. Bad spelling, dodgy email addresses, and vague "urgent" requests gave them away. Now, attackers are playing smart.

They’re scanning social media, scraping leaked databases, and even pulling details from your own emails. That "friendly" WhatsApp from a colleague? The urgent message from your CEO? They might not be real.


Phishing is Getting Personal

Cybercriminals aren’t just guessing anymore. They’re researching their victims.

Attackers scrape LinkedIn to see where you work. They spot a tweet about your upcoming conference. If your email was leaked in a data breach, they know which services you use. AI helps them craft messages that sound eerily real.


That’s why a scam email might say:

"Hey Sarah, saw your post about the cybersecurity event. Can you review this report before the meeting?"

It’s much harder to ignore than "Dear user, urgent message, click now!"


Real Examples of Personalised Phishing

  • CEO Fraud

    • An employee gets an email that looks like it’s from their CEO. The message asks for an urgent bank transfer. It sounds legitimate, but the sender’s address is slightly off. Money gone.

  • Fake WhatsApp Messages

    • A scammer sends a message: "Hey, I lost my phone. This is my new number. Can you send over that report?" A colleague falls for it and hands over confidential info.

  • Business Email Compromise (BEC)

    • Attackers hack into a real business email account and send scam invoices from within the company. No one questions it until the money disappears.


How to Spot These Attacks

  • If a request feels urgent, verify it with a phone call.

  • Watch for small but odd details—an unusual tone, a slightly wrong email address, a strange request.

  • Never send payments or sensitive data based on an email or message alone. Always confirm first.


How to Stay Safe

  • Lock down your social media. Attackers love oversharing. Keep work details private.

  • Use multi-factor authentication (MFA). If your password gets leaked, MFA helps stop hackers.

  • Think twice before acting. If something feels off, double-check. A five-second call can stop a scam.


Final Thought

Phishing isn’t just about dodgy emails anymore. It’s personal, calculated, and AI-powered. But when you know what to look for, you make their job a lot harder.


bottom of page