Markets regulator SEBI issues an advisory cautioning listed companies and regulated entities about a rising cyber fraud dubbed the “Boss Scam.” The regulator says fraudsters impersonate chief executives or other senior officials and contact finance teams or subordinates to obtain fund transfers. SEBI notes the attempts are carried out through channels such as email, WhatsApp, Microsoft Teams, and other social media platforms, often using messages or calls that instruct recipients to move money urgently to specified bank accounts.
SEBI links the advisory to an alert from the Indian Cyber Crime Coordination Centre (I4C), which reports an increasing trend of CEO/MD impersonation schemes targeting organisations. The fraudsters are described as using AI-based tools, including voice cloning and deepfake video calls, to make impersonation appear genuine. Another method mentioned involves sending a compressed ZIP file that, when opened on a Windows device, can deploy malware and hijack active WhatsApp Web sessions to send payment instructions.
SEBI advises firms to independently verify such requests by directly contacting the concerned senior official, not to transfer funds based only on messages received through social platforms, to avoid installing unverified executable files, to log out of inactive WhatsApp Web sessions, and to report incidents via the national cybercrime helpline or the cybercrime portal.