News

Boss Scam Alert: Cyber Criminals Are Using WhatsApp To Trick Employees Into Sending Company Funds

Cyber criminals are using fake messages, malware and impersonation tactics to pressure employees into making urgent payments. I4C has issued an advisory on how to stay safe and verify such payment requests through a phone call or official communication channels before transferring any fund or sharing any official document

AI Generated
Boss Scam Alert Photo: AI Generated
info_icon
Summary

Summary of this article

  • Cyber scammers impersonate bosses to trick employees into sending funds.

  • Malware hidden in fake files can hijack WhatsApp Web accounts.

  • Verify payment requests through official channels before transferring money.

The Indian Cyber Crime Coordination Centre’s (I4C) CyberDost platform has cautioned about a growing cyber fraud known as the “Boss Scam”, where fraudsters pretending as senior company officials pressure employees to transfer money. 

In a post on X, CyberDost has said that cyber criminals are using platforms, such as WhatsApp and Microsoft Teams to impersonate chief executive officers (CEOs), senior executives or managers. The fraud typically begins with an urgent payment request, making it appear as though it has come from a senior official within the organisation.

The agency has also shared an advisory explaining that scammers have adopted a new method to gain access to WhatsApp accounts before carrying out the fraud.

Malware Hidden In Fake Documents

According to the advisory, CEOs and senior executives may receive files in .ZIP or .ISO format disguised as important business documents.

When these files are opened, the malware is installed on the device. In turn, this allows cyber criminals to gain access to the victim’s WhatsApp Web account. Upon gaining access, the cyber criminals can impersonate the accountholder and send urgent payment requests to employees or finance teams.

Since the messages appear to come from a trusted senior official, employees may act with a sense of urgency without verifying the request, thereby increasing the risk of financial loss.

Safety Measures

CyberDost has advised employees and organisations to verify every payment request through a phone call or another official communication channel before transferring any money.

It has also advised users against downloading any unknown .ZIP or .ISO files without verification. The advisory says payment requests should never be processed solely on the basis of a message received on a messaging platform.

The agency has further recommended enabling two-step verification (2FA) on WhatsApp and regularly reviewing linked devices to check for any unauthorised access.

What To Do If You Fall Into The Trap

CyberDost has urged people who suspect they have been targeted by such fraud to report the incident immediately. Victims can call the national cybercrime helpline on 1930 or file a complaint through the government’s cybercrime reporting portal.

Cyber security experts have repeatedly advised organisations to train employees to verify urgent financial requests through independent channels, especially when the request involves transferring company funds or sharing sensitive information. Such verification can help reduce the chances of falling victim to impersonation-based scams.

Published At:
SUBSCRIBE
Tags

Click/Scan to Subscribe

qr-code
CLOSE