- What is the cybercrime that the government has identified?
The Indian Cyber Crime Coordination Centre (I4C) has identified an emerging cybercrime trend known as the “Boss Scam” or CEO impersonation fraud. Under this scheme, cybercriminals target senior executives and high-ranking officials by posing as regulators and sending messages that appear to require urgent action. Once successful, the fraudsters use the executive’s identity to facilitate unauthorised financial transactions.
- How do cybercriminals carry out the attack?
According to the advisory, attackers contact executives by email or WhatsApp while impersonating regulators such as the Reserve Bank of India (RBI). The message typically claims there has been a regulatory violation or security issue requiring immediate attention.
The communication contains a compressed ZIP file carrying a malicious executable (.exe) and supporting files. When the attachment is opened on a Windows device, malware is installed and gains access to the system.
- How does the fraud affect the WhatsApp account?
The malware can compromise the active WhatsApp Web session on the executive’s device. This enables fraudsters to take control of the executive’s WhatsApp communication and interact with employees using what appears to be a legitimate account. The advisory notes that the attack is designed to hijack an active WhatsApp session rather than merely send phishing messages.
- How are fraudulent fund transfers initiated?
Once access is obtained, fraudsters contact finance department personnel using the executive’s WhatsApp account and issue instructions for urgent payments to specified bank accounts. The advisory also notes that attackers may manipulate contact lists by saving a fraudulent number under the executive’s name and using that number to communicate with employees and request fund transfers. Finance teams are therefore a key target in the scheme.
- What precautions has the government advised?
The centre has asked companies to verify urgent financial requests via direct voice calls or in-person confirmation instead of relying solely on WhatsApp messages or emails. It has also advised organisations not to install executable files received from unknown sources, to regularly review linked WhatsApp devices, to enforce restrictions on unauthorised software execution and to maintain updated malware protection systems.
The advisory further cautions users against opening software files received through unsolicited messages and notes that regulators do not distribute software updates through WhatsApp. The government has urged citizens and organisations to report cyber fraud incidents through the national cybercrime helpline 1930 or the cybercrime reporting portal.
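A triage check for the delivery method described above (a ZIP carrying an .exe and supporting files), as an added example that is not part of the advisory or this article. The function names, the extension list and the sample archive are constructed for illustration; the check looks at both the file extension and the Windows executable header, so a renamed executable is still caught.

```python
import io
import posixpath
import zipfile

# Constructed, non-exhaustive list of extensions Windows runs on double-click.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".vbs", ".lnk"}

def scan_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for each member that should block delivery."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable ZIP")]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = posixpath.splitext(name)[1].lower()
            if info.flag_bits & 0x1:
                # Encrypted members cannot be inspected, so they are held too.
                findings.append((name, "encrypted member"))
                continue
            with zf.open(info) as fh:
                head = fh.read(2)  # Windows executables start with "MZ"
            if head == b"MZ" and ext not in RISKY_EXT:
                findings.append((name, f"PE header disguised as {ext or 'no extension'}"))
            elif head == b"MZ" or ext in RISKY_EXT:
                findings.append((name, f"runnable file ({ext})"))
    return findings

def build_sample() -> bytes:
    """Constructed sample archive: harmless bytes that only mimic the layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("support/config.dat", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"constructed sample text")
    return buf.getvalue()

if __name__ == "__main__":
    for member, reason in scan_zip(build_sample()):
        print(f"BLOCK {member}: {reason}")
```
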
- Why does it matter?
The advisory highlights a cyber fraud method that combines malware infection with impersonation of senior executives, allowing attackers to misuse trusted communication channels to seek unauthorised financial transfers. The warning is aimed at helping organisations strengthen verification procedures and cybersecurity practices against such attacks.
