News

Sebi Warns Listed Firms of 'Boss Scam' Involving AI Deepfakes and WhatsApp Hijacking

As a part of the scam, scamsters defraud people by impersonating the chief executive officer or managing director of companies

Canva
sebi Photo: Canva
info_icon
Summary

Summary of this article

  • Fraudsters impersonate top company executives to steal corporate funds.

  • Criminals use AI deepfakes and voice cloning for deception.

  • Malicious zip files hijack active WhatsApp sessions of employees.

Amid a rise in cybercrime cases, the Securities and Exchange Board of India (Sebi) has cautioned regulated entities and listed companies against an emerging scam. In a release dated July 17, the regulator cautioned against the ‘boss scam’.

As a part of the scam, scamsters defraud people by impersonating the chief executive officer or managing director of companies. The market regulator issued this caution after the Indian Cyber Crime Coordination Centre (I4C) informed about a rise in such cases. 

What Is a Boss Scam?

The boss scam is a sophisticated cybercrime scheme. In order to defraud people, cybercriminals impersonate top tier executives to exploit the trust of subordinate employees. Fraudsters communicate with potential victims. Notably the victims typically include finance officers or other employees who have the authority to process payments, through digital channels such as email, WhatsApp, Microsoft Teams, or other social media platforms.

By impersonating top-management they create a false sense of urgency or confidentiality, which pressures the unsuspecting employees into making financial transactions without following standard verification protocols.

Boss Scam: Modus Operandi

According to the release, fraudsters execute their operations through two methods primarily. The first method involves the direct impersonation of managing directors or chief executive officers using AI-based deep fake methodologies. Additionally, scamsters can also use voice cloning techniques during video calls to mimic the mannerisms of the executive.

Fraudsters also use fake groups on social media platforms pretending to be the top-brass to coordinate with subordinates. Once the scamster contacts the victim, they receive instructions to transfer funds to a specified mule account. To prevent the employee from verifying who has sent the request, the fraudster often gives explicit directions not to share the transaction details with anyone else, falsely claiming that the matter involves unpublished price sensitive information (UPSI).

The second method in these cases involves the use of malware, where a fraudster sends a compressed zip file through email or social media messaging platforms. This archive contains a malicious executable file accompanied by a dynamic link library file. Once the file is extracted and executed on a Windows desktop or laptop it hijacks active web WhatsApp session tokens, giving the fraudster access to the victim’s account, which is then used to instruct other employees to make immediate payments.

Alternatively, if the attacker achieves complete device takeover, they alter the contact list on the device to save the fraudster's phone number under the name of the chief executive officer or managing director, using the secondary number to manipulate the finance officer into transferring funds.

Sebi's Advice To Companies Amid Rising Cases of Boss Scam

As instances of boss-scam rise, Sebi has issued a set of directives to help companies protect themselves. Sebi has urged regulated entities and listed companies to remain cautious and cross check any financial requests received through WhatsApp, email, or social media platforms by physically calling their seniors to confirm legitimacy.

The regulator has also recommended that organisations should not transfer corporate funds solely on the basis of instructions received on social media platforms. Additionally, employees should not install executable files without checking the identity of the sender, even if the message appears to come from a known contact.

To foolproof themselves from technical vulnerabilities, users have been urged to log out of any web WhatsApp sessions that are not being actively used. Additionally the regulator has also asked companies to report any fraudulent applications or scam incidents by calling the designated helpline number 1930 or by visiting the official national cybercrime reporting portal.

Published At:
SUBSCRIBE
Tags

Click/Scan to Subscribe

qr-code
CLOSE