It’s 4 p.m. You’re a few days into a new position and still getting oriented. Suddenly, an urgent text arrives. It’s your CEO, requesting Apple gift cards for a marquee client – an unusual, but seemingly legitimate request.
While many smishing (SMS phishing) attacks aim to steal passwords or credit card details, a new breed of social engineering is evolving. These attacks blend Smishing, Spear Phishing, and Business Email Compromise (BEC), creating what we’ll call Spear Smishing BEC. Their hybrid nature and velocity make them uniquely dangerous.
A New Threat to New Beginnings
LinkedIn posts celebrating new hires often provide cybercriminals with a wealth of information to exploit. Unfortunately, these criminals see such visibility as an opportunity. Smishing attacks – phishing scams conducted via SMS – are increasingly targeting new employees with highly personalized messages that appear to come from their company’s leadership. These scams frequently aim to trick victims into purchasing gift cards under false pretenses.
The speed and accuracy with which these attacks are launched suggest a concerning level of automation and intelligence – powered by bots.
Scraper Bots: The First Link in the Cybercrime Chain
Scraper bots harvest publicly available information from platforms like LinkedIn. Posts from new hires frequently include:
- The employee's name and role;
- The company's name and leadership team;
- A timestamp indicating when the employee started.
Company pages amplify visibility, making it easier for scraper bots to collect and analyze data. Bots map organizational structures by identifying connections, enabling attackers to impersonate executives with convincing precision.





