SEBI Issues Alert on Rising 'Boss Scam' Cyber Fraud Targeting Corporates
SEBI's Warning on Cyber Fraud
The Securities and Exchange Board of India (SEBI) has recently alerted listed companies and regulated entities about a surge in a cyber fraud scheme known as the 'Boss Scam'. In this scheme, cybercriminals impersonate high-ranking executives to deceive finance teams into transferring funds. This advisory comes in light of reports from the Indian Cyber Crime Coordination Centre (I4C), which has noted a rise in such impersonation-based financial crimes targeting businesses.
SEBI's announcement highlights that I4C has identified a troubling trend in cybercrime, specifically the 'Boss Scam' or CEO/MD impersonation fraud, where fraudsters focus on senior officials and finance executives, pressuring them to transfer money to the criminals.
According to SEBI, these cybercriminals are increasingly utilizing various communication platforms, including email, WhatsApp, and social media, to impersonate Chief Executive Officers (CEOs), Managing Directors (MDs), and other senior personnel. After establishing a convincing fake identity, they reach out to finance staff or other employees, issuing urgent payment requests that direct them to transfer funds into accounts controlled by the fraudsters.
SEBI has identified two main tactics employed in these scams. The first involves the use of advanced deepfake technology, where criminals utilize AI-generated voice cloning, fake video calls, and fabricated social media groups to enhance the authenticity of their impersonation. Employees are often instructed to process immediate payments, with some victims being told to keep the transaction confidential under the guise of Unpublished Price Sensitive Information (UPSI).
Malware Distribution via ZIP Files
SEBI also cautioned about another method that involves malware distribution. In this approach, attackers send a compressed .zip file through messaging platforms, which contains a malicious executable program along with a Dynamic Link Library (DLL) file. Opening this file on a Windows computer can install malware capable of hijacking an active WhatsApp Web session. Once access is obtained, fraudsters can use the compromised WhatsApp account to communicate with finance staff, requesting urgent fund transfers to mule bank accounts.
The regulator noted that in more sophisticated attacks, cybercriminals who gain full access to a device may secretly modify the victim's contact list, saving their number under the name of the CEO or Managing Director. This manipulation allows payment requests to seem as if they are coming directly from a trusted senior executive.
Recommendations from SEBI
To mitigate the risk of falling prey to such scams, SEBI has advised listed companies and regulated entities to independently verify every payment instruction received via WhatsApp, email, or social media by directly contacting the relevant senior official. The regulator emphasized that organizations should never authorize fund transfers based solely on instructions received through messaging platforms.
Additionally, employees are encouraged to refrain from installing executable files from unknown or unverified sources, even if they appear to be sent by someone familiar. Users should also log out of WhatsApp Web sessions that are no longer in use to reduce the risk of account compromise. SEBI has urged organizations to promptly report any suspected cyber fraud by calling the national cybercrime helpline at 1930 or by filing a complaint through the National Cyber Crime Reporting Portal.