All you need to know about “Boss Scam”

The Union Ministry of Home Affairs (MHA) has warned companies across India about a cyberfraud in which criminals impersonate regulators and senior executives, use malicious Windows files to compromise devices, hijack active WhatsApp sessions and issue fraudulent payment instructions. The Indian cybercrime coordination centre said the scam known as “the Boss Scam” or CEO impersonation fraud targets high-ranking officials and finance teams via emails and WhatsApp messages disguised as urgent regulatory communications.

Listen to this article
  1. What is the cybercrime that the government has identified?

The Indian Cyber Crime Coordination Centre (I4C) has identified an emerging cybercrime trend known as the “Boss Scam” or CEO impersonation fraud. Under this scheme, cybercriminals target senior executives and high-ranking officials by posing as regulators and sending messages that appear to require urgent action. Once successful, the fraudsters use the executive’s identity to facilitate unauthorised financial transactions.

  1. How do cybercriminals carry out the attack?

According to the advisory, attackers contact executives by email or WhatsApp while impersonating regulators such as the Reserve Bank of India (RBI). The message typically claims there has been a regulatory violation or security issue requiring immediate attention.

The communication contains a compressed ZIP file carrying a malicious executable (.exe) and supporting files. When the attachment is opened on a Windows device, malware is installed and gains access to the system.

  1. How does the fraud affect the WhatsApp account?

The malware can compromise active WhatsApp web access to the executive’s device. This enables fraudsters to take control of WhatsApp’s communication and interact with employees using what appears to be a legitimate account. The advisory notes that the attack is designed to hijack an active WhatsApp session rather than merely send phishing messages.

  1. How are fraudulent fund transfers initiated?

Once the access is obtained, fraudsters contact finance department personnel using the executive’s WhatsApp account and issue instructions for urgent payments to specified bank accounts. The advisory also notes that attackers may manipulate contact lists by saving a fraudulent number under the executive’s name and using that number to communicate with employees and request fund transfers. Finance teams are therefore a key target in the scheme.

  1. What precautions has the government advised?

The centre has asked the companies to verify urgent financial requests via direct voice calls or in-person confirmation instead of relying solely on WhatsApp messages or emails. It has also advised organisations not to install executable files received from unknown sources and to regularly review linked WhatsApp devices, enforce restrictions on unauthorised software execution and maintain updated malware protection systems.

The advisory further cautions users against opening the software files received through unsolicited messages and notes that regulators do not distribute software updates through WhatsApp. The government has urged citizens and organisations to report cyber fraud incidents through the national cybercrime helpline 1930 or the cybercrime reporting portal.

  1. Why does it matter?

The advisory highlights a cyber fraud method that combines malware infection with impersonation of senior executives, allowing attackers to misuse trusted communication channels to seek unauthorised financial transfers. The warning is aimed at helping organisations strengthen verification procedures and cybersecurity practices against such attacks

Latest

India Post records highest ever Q1 revenue

The Minister held Business Review Meeting with all 23...

MRF ranked India’s most valuable tyre brand

The company also featured among the Top 50 most...

Aditya Birla Group buys Shell’s renewable arm for $1.8 bln

The company will make the acquisition from Shell Overseas...

TVS Emerald to develop residential project in West Chennai

The Koyembedu–Poonamallee corridor, a rapidly expanding residential micro-market that...

Newsletter

Don't miss

India Post records highest ever Q1 revenue

The Minister held Business Review Meeting with all 23...

MRF ranked India’s most valuable tyre brand

The company also featured among the Top 50 most...

Aditya Birla Group buys Shell’s renewable arm for $1.8 bln

The company will make the acquisition from Shell Overseas...

TVS Emerald to develop residential project in West Chennai

The Koyembedu–Poonamallee corridor, a rapidly expanding residential micro-market that...

Retail Inflation crosses 4% in June

“Food inflation contributed 185 basis points (bps), while non-food...

India Post records highest ever Q1 revenue

The Minister held Business Review Meeting with all 23 Circles of India Post, which reviewed performance and charted the roadmap for the months ahead. India...

MRF ranked India’s most valuable tyre brand

The company also featured among the Top 50 most valuable brands in India across sectors in the report. Brand Finance India report, unveiled under the...

Aditya Birla Group buys Shell’s renewable arm for $1.8 bln

The company will make the acquisition from Shell Overseas Investment B.V and the transaction is amongst the largest acquisitions in India’s renewable energy sector...