I4C Advisory on 'Boss Scam' Targeting Executives
The Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs (MHA), has issued an advisory warning about a new cyber threat dubbed the 'boss scam'. In this scheme, cyber criminals are targeting company executives, including chief executive officers and chief financial officers, through fraudulent alerts sent via WhatsApp and email.
According to the advisory, the attackers deliver malicious archives to their targets under the guise of urgent regulatory compliance. The messages often appear to come from senior management or regulatory bodies, urging immediate action.
Modus Operandi of the Scam
The scammers use social engineering tactics to trick executives into opening malicious attachments or clicking on links. These archives may contain malware that can compromise the victim's device, steal sensitive data, or gain unauthorized access to corporate networks.
“The targets are delivered malicious archives via email or WhatsApp messages under the guise of urgent regulatory compliance,” the I4C advisory stated. The attack is designed to exploit the authority and urgency associated with executive roles.
Impact and Precautions
Once a device is infected, cyber criminals can potentially access confidential company information, financial accounts, and communication channels. This could lead to financial fraud, data breaches, or ransomware attacks.
The I4C has advised executives to verify the authenticity of any unexpected messages, even if they appear to come from known contacts. It recommends not opening attachments or clicking links from unknown sources and enabling two-factor authentication on all accounts.
Organizations are urged to conduct regular cybersecurity training and implement robust email filtering and endpoint protection systems. The advisory also emphasizes the importance of reporting any suspicious activity to the nearest cyber crime police station or through the national cyber crime reporting portal.
