What Is 'Boss Scam'? All You Need To Know About New Cyber Crime Threat
What Is 'Boss Scam'? All You Need To Know About New Cyber Crime Threat Published By, Last Updated: July 17, 2026, 20:04 IST In some
What Is 'Boss Scam'? All You Need To Know About New Cyber Crime Threat Published By, Last Updated: July 17, 2026, 20:04 IST In some cases, victims are also told to keep the transactions secret by claiming that they involve Unpublished Price Sensitive Information (UPSI). Fraudsters send a compressed.zip file containing malware through messages to target officials. (Representative image/Pixabay) Amid rising cases of cyber crimes, the Securities and Exchange Board of India (SEBI) on Friday warned listed companies and regulated entities against an emerging trend of fraud known as the “Boss Scam." All About ‘Boss Scam’? In this scam, fraudsters pose as Chief Executive Officers (CEOs), Managing Directors (MDs) and other senior officials to trick finance executives into transferring funds. SEBI said the advisory was issued after the Indian Cyber Crime Coordination Centre (I4C) alerted the market regulator about the increasing number of such frauds. Explaining the reason behind the warning, SEBI said it is issuing the press release as “I4C has observed an emerging trend in cybercrime referred to as the “Boss Scam" or CEO/MD impersonation fraud whereby fraudsters are targeting high-ranking officials/finance executives which compels them to transfer of funds to fraudsters", PTI reported.
How Conmen Target Officials? According to SEBI, fraudsters are targeting CEOs and other senior executives through email, WhatsApp and social media platforms. By impersonating these officials, they instruct finance executives and employees to transfer funds to accounts controlled by cyber criminals. The regulator said one of the key methods involves the use of deepfake technology, including AI-generated voice cloning, fake video calls and fabricated social media groups. In some cases, victims are also told to keep the transactions secret by claiming that they involve Unpublished Price Sensitive Information (UPSI). Under another method, fraudsters send a compressed.zip file containing malware through messages. If opened on a Windows computer, the malware can hijack the user’s active WhatsApp Web session. According to SEBI, cyber criminals then use the compromised WhatsApp account to contact finance officials and direct them to make urgent payments to bank accounts controlled by the fraudsters. How To Avoid Getting Trapped By Fraudsters? SEBI warned that fraudsters who gain complete access to a device may even save their own phone numbers under the names of CEOs or MDs to issue fake payment instructions.
The regulator advised companies to verify all payment requests received through WhatsApp, email or social media by directly contacting senior officials and not to transfer funds solely based on online instructions. It also urged organisations to avoid installing files from unknown sources and to log out of inactive WhatsApp Web sessions. SEBI said any such fraud or cybercrime incident should be reported immediately through the national cybercrime helpline, 1930, or the Cyber Crime Reporting Portal. News18 Newsletter Handpicked stories, in your inbox A newsletter with the best of our journalism submit Key Questions Answered How can companies better protect against deepfake scams? Companies can better protect against deepfake scams by implementing multi-layered verification procedures for financial requests and conducting regular cyber-awareness training for personnel. What new regulations might SEBI introduce to combat this? SEBI has not announced new regulations specifically to combat the 'Boss Scam' but has previously established a task force, "cyber-suraksha.ai", to examine cybersecurity risks from AI tools and develop mitigation strategies. Could AI tools help detect these sophisticated frauds? AI tools can help detect sophisticated frauds by identifying and exploiting vulnerabilities at speed and scale.
