The Securities and Exchange Board of India (Sebi) on Friday warned regulated entities and listed companies about a rising cyber fraud dubbed the ‘Boss Scam’, where fraudsters impersonate top executives to siphon off funds.

 


The market regulator said it had been alerted by the Indian Cyber Crime Coordination Centre about an emerging trend involving impersonation of chief executive officers (CEOs) or managing directors (MDs) using digital communication tools.

 


In a typical case, fraudsters pose as senior executives through email, WhatsApp, Microsoft Teams or other social media platforms, instructing finance or accounts personnel to execute urgent fund transfers. These messages are often designed to appear confidential and may discourage verification, citing sensitive or unpublished information.

 
 


Sebi noted that perpetrators are increasingly deploying advanced techniques such as deepfake voice cloning and AI-generated video calls to impersonate company heads. In some instances, they also create fake social media groups to lend credibility to their requests.

 


Another method involves sending malicious compressed files containing executable malware. Once opened, these files can compromise systems, hijack WhatsApp Web sessions, and enable fraudsters to send payment instructions from legitimate accounts.

 


The regulator warned that attackers may even alter contact details on compromised devices, replacing genuine numbers with fraudulent ones to mislead employees into transferring money.

 


“The malware hacks the system and hijacks the active WhatsApp Web session tokens. The fraudster gets access to the finance officer’s WhatsApp account and then contacts accounts or finance employees, instructing them to make immediate payments to specified mule bank accounts,” stated Sebi.

 


Sebi has advised companies to exercise caution and verify any financial instructions received through digital platforms by directly contacting the concerned official. It also urged firms not to act solely on messages received via social media and to avoid installing unverified files.

 


Entities have been asked to report incidents promptly through the national cybercrime helpline or portal.



Source link

YouTube
Instagram
WhatsApp