The Union Home Ministry has issued a warning about a new cyber fraud scheme called the 'Boss Scam,' in which criminals impersonate regulatory authorities to compromise the devices and WhatsApp accounts of top executives, ultimately tricking companies into transferring funds to fraudulent accounts.
Modus Operandi of the Scam
According to an advisory from the National Cybercrime Threat Analytics Unit (NCTAU) under the Indian Cyber Crime Coordination Centre (I4C), fraudsters target chief executive officers and senior officials via email and WhatsApp messages that appear to be urgent communications from regulators. The attackers create a false sense of urgency by alleging regulatory violations or demanding immediate security updates. Institutions such as the Reserve Bank of India (RBI) are among those whose identities are being misused.
Malware and Account Takeover
The fraudulent message contains a compressed file that, when opened, installs malware on Windows devices. This malicious software compromises active WhatsApp Web sessions, enabling cybercriminals to send messages from the executive's genuine account to finance personnel or subordinates. Posing as the CEO, the fraudsters instruct staff to transfer money to bank accounts that the fraudsters control.
“In multiple cases, the CEO forwards the message to the finance officer,” the advisory noted, highlighting how the scam exploits trust within organisations.
Sophisticated Variant
The Home Ministry also warned of a more advanced variant where attackers gain full control over a device and secretly alter the contact list, saving an attacker-controlled number under the CEO's name. This allows them to intercept and manipulate communications more effectively.
Preventive Measures
The advisory stressed that regulators do not send mandatory software updates or security fixes through WhatsApp attachments. Organisations are urged to treat such communications with caution. Companies have been advised to verify any requests involving urgent financial transactions or changes in bank details through direct voice calls or face-to-face confirmation, rather than relying solely on text messages or emails.
Reporting Incidents
Victims or those encountering suspicious communications are urged to report incidents through the cybercrime helpline number 1930 or the National Cyber Crime Reporting Portal.



