The Indian Cyber Crime Coordination Centre (I4C) has issued a nationwide alert to companies over a rapidly growing cyber fraud known as the ‘Boss Scam’, in which criminals impersonate senior executives or government regulators to deceive employees into transferring money. The warning comes amid a rise in incidents targeting corporate finance teams and senior management personnel.
According to I4C, scammers send convincing emails or WhatsApp messages posing as company CEOs, managing directors, or regulatory authorities. These messages often create a sense of urgency and instruct employees to open attached ZIP files or documents related to confidential business matters or urgent payments.
Malicious Files Used to Hijack WhatsApp Accounts
The fraudulent messages usually contain malicious ZIP files embedded with malware. Once opened, the malware can compromise an executive’s device and hijack their WhatsApp account or other communication channels. Cybercriminals then use the stolen identity of the executive to send fake payment instructions to finance teams or employees responsible for handling company funds.
Because the requests appear to come from trusted senior officials, employees may process transactions without verifying their authenticity, resulting in significant financial losses for organisations.
Verification Is the Best Defence
To protect businesses from such attacks, I4C has advised companies to adopt strict verification procedures for all urgent or unusual payment requests. Employees should confirm financial instructions through direct phone calls, video calls, or in-person meetings before authorising any transfer of funds.
The agency has also urged organisations to avoid opening email attachments or ZIP files received from unknown or suspicious sources. Regular cybersecurity training and awareness programmes can help employees identify phishing attempts and social engineering tactics used by cybercriminals.
Reporting Can Limit Damage
I4C has emphasised that immediate reporting plays a crucial role in preventing further losses and improving the chances of recovering stolen funds. Victims of cyber fraud should promptly report incidents by calling the national cybercrime helpline 1930 or by filing a complaint through the National Cyber Crime Reporting Portal.
As cyber threats continue to evolve, vigilance and verification remain the strongest safeguards against scams exploiting trust and authority.