Boss Scam Alert: I4C Flags CEO Impersonation Fraud Targeting Employees

The Ministry of Home Affairs, through the Indian Cyber Crime Coordination Centre I4C has issued an alert regarding an emerging cyber fraud pattern known as the Boss Scam targeting organisations through impersonation techniques and digital deception.

What is Boss Scam

The Boss Scam is a cyber fraud technique where sophisticated cybercriminals contact CEOs or high-ranking officials as the initial target via email or WhatsApp while impersonating regulators such as the Reserve Bank of India (RBI). The communication falsely claims regulatory violations or urgent security requirements and pressures the recipient to respond within a very short timeframe, often to create urgency and bypass verification. The scam initially targets senior executives, whose compromise becomes the entry point for further fraud within the organisation.

How it works

It starts with urgent compliance messages sent to CEOs or senior executives. The message includes a ZIP file sent to company chiefs through email or WhatsApp, often made to look like an urgent message related to regulatory or security work. The advisory said, “Inside this archive is a malicious executable (.exe) accompanied by a Dynamic Link Library (.dll) file.” Once opened on a Windows system, it can install malware and hijack the device along with active WhatsApp Web sessions.

After gaining access, attackers use the compromised WhatsApp account of a senior official to message employees, especially finance teams, and push them to make urgent fund transfers to mule accounts. In some cases, they may also edit saved contacts on the device to make fake instructions appear as if they are coming from a trusted executive.

How to stay safe

I4C has advised organisations to independently verify any urgent financial request through direct communication methods such as phone calls or in-person confirmation. Users are cautioned against opening unknown attachments, especially executable files, as authorities do not send software updates through messaging platforms.

The advisory also recommended that users regularly check WhatsApp-linked devices, log out of inactive sessions, and maintain up-to-date endpoint security systems. Any suspected cyber fraud should be reported immediately via the national cybercrime helpline 1930 or the official portal cybercrime.gov.in.

These incidents highlight the need for strict verification protocols before acting on any financial instruction received through digital communication channels.