Urgent Alert: WBG Staff Impersonation Attacks

(extracted from WBG News: Intranet announcement)

In recent days, we have observed an increasing number of social engineering attacks targeting staff and clients. Attackers are impersonating World Bank Group Senior Management via voicemail, calls, or instant message (SMS, WhatsApp, Telegram). These communications convey a sense of urgency, ask you to maintain secrecy, or request actions that are not normal business.

These attacks are also using deepfake and other technologies to create convincing voice and video impersonations. And the attackers are spoofing phone numbers, making the call or text appear to come from your contacts list. They may impersonate someone you know, but you are their target.

How to Stay Safe

  • Do not trust new and unexpected communications via text, calls, voicemail, or email. Always validate by calling a previously saved number from your files or contacts list.
  • Be suspicious of any communication that conveys a sense of urgency, asks you to switch to another messaging app such as WhatsApp or Telegram, directs you to take immediate and uncharacteristic action, or is from an unknown source.

  • If anything appears suspicious, please reach out to the 24*7 WBG Information Security Operations Center where specialists can assist you.

  • While we cannot prevent these attacks as they do not involve our IT systems, it is important that you report these incidents so that the Office of Information Security can respond with more guidance if these attacks change or escalate.

  • We strongly encourage you to use our IT solutions (such as Outlook, Teams, and WebEx) to conduct official business to the full extent possible.

In addition, please take these steps to ensure that your messaging apps are resilient to account takeovers.

For your messaging apps:

  • Set up two-step verification to prevent the unauthorized addition of a new device to your account.
  • Check your account settings and remove any sessions that you do not recognize.

  • Set up a recovery email to aid account recovery if needed.

For your mobile phone:

  • Change the default voicemail PIN for the phone number associated with the messaging app.

These attacks could impersonate you to target your contacts, clients, and partners. It is important that you share this message with them. Please find a suggested template below:

Please be aware that the World Bank Group will never ask for payments or confidential information over chat or text. If you receive any unexpected communication that seems suspicious, please verify its authenticity by emailing or calling your point of contact at the World Bank Group.

Thank you for your vigilance,

Amy Jean Doherty
Vice President and Chief Information Officer
Information and Technology Solutions