Advertisement

Markets Regulator Warns Of "Boss Scam", Cyber Fraud Targeting Top Executives

The regulator said it issued the advisory after receiving information from the Indian Cyber Crime Coordination Centre (I4C) about a rise in such cases.

Markets Regulator Warns Of "Boss Scam", Cyber Fraud Targeting Top Executives
SEBI said fraudsters are using two main methods to carry out the scam.
  • SEBI warned companies about the 'boss scam' involving CEO impersonation to trick employees into fund transfers
  • Fraudsters use AI tools like deepfake videos and voice cloning to impersonate senior executives
  • Malware is spread via .zip files to hijack WhatsApp sessions and send fake payment instructions

The Securities and Exchange Board of India (SEBI) on Friday warned companies against the "boss scam". As part of this cyber fraud, fraudsters impersonate chief executives and other senior officials to trick employees into transferring money.

The regulator said it issued the advisory after receiving information from the Indian Cyber Crime Coordination Centre (I4C) about a rise in such cases.

Fraudsters posing as CEOs

Cybercriminals are targeting finance executives and other employees by pretending to be CEOs or senior executives through emails, WhatsApp, Microsoft Teams and social media platforms, SEBI said. The fraudsters instruct employees to make fund transfers to bank accounts controlled by them, the regulator added.

Deepfakes and malware used in attacks

SEBI said fraudsters are using two main methods to carry out the scam. In the first, cybercriminals rely on artificial intelligence tools such as voice cloning, deepfake video calls, and fake social media groups to impersonate senior executives. Employees are then persuaded to transfer funds to a specified mule account.

The second method involves sending a compressed .zip archive containing malicious software through the message. If the file is opened on a Windows computer, it installs malware that can compromise the system and hijack active WhatsApp Web sessions.

Once the malware gains access to a finance officer's WhatsApp account, fraudsters use the compromised account to send payment instructions to other employees, directing them to transfer money to bank accounts under their control. 

SEBI said that in some cases, attackers who gain complete control of a device may secretly alter the contact list by saving their own phone number under the name of the CEO or Managing Director. They then use that number to send fake payment instructions to finance officials.

SEBI advises verification before payments

SEBI advised regulated entities and listed companies to verify any payment requests received through WhatsApp, email or social media by directly contacting the concerned senior official. It also asked organisations not to transfer funds based solely on instructions received through messaging or social media platforms.

The market regulator further urged employees to avoid installing executable files without confirming the sender's identity, even if the message appears to come from a known contact. It also recommended logging out of unused WhatsApp Web sessions and immediately reporting suspected cyber fraud by calling the national helpline 1930 or through the National Cyber Crime Reporting Portal, www.cybercrime.gov.in.

Cyber Crime Centre Warns Of 'Boss Scam' 

Last month, the Indian Cyber Crime Coordination Centre (I4C) had cautioned organisations about the "boss scam". In an advisory issued by its National Cybercrime Threat Analytics Unit (NCTAU), the agency said fraudsters were targeting CEOs and other senior officials through emails and WhatsApp messages that falsely appeared to come from authorities such as the Reserve Bank of India (RBI).

Show full article

Track Latest News Live on NDTV.com and get news updates from India and around the world

Follow us:
Listen to the latest songs, only on JioSaavn.com