Govt Warns of New 'Boss Scam' Targeting CEOs via WhatsApp

The Indian government has issued a warning about a new cyber scam called the 'Boss Scam', where criminals impersonate CEOs and senior officials on WhatsApp to target employees. The scam involves fraudsters creating fake WhatsApp accounts using the profile pictures and names of top executives to send messages to employees, instructing them to transfer money or share confidential information.

How the Scam Works

According to the Indian Computer Emergency Response Team (CERT-In), the scammers first gather information about the target organization and its key personnel from social media and company websites. They then create a fake WhatsApp account with the CEO's name and photo, and message an employee, often in finance or HR, requesting an urgent payment or sensitive data. The message typically creates a sense of urgency, claiming the matter is confidential and requires immediate action.

“The fraudsters exploit the trust employees have in their senior leaders. They often use phrases like 'I am in a meeting' or 'This is urgent' to pressure the victim into acting quickly without verification,” a CERT-In official said.

Government Advisory

CERT-In has issued an advisory urging organizations to implement strict verification protocols for any financial or data requests made via messaging apps. The advisory recommends that employees always verify such requests through a secondary communication channel, such as a phone call or in-person confirmation, before complying.

“Organizations should conduct regular cybersecurity awareness training for employees, emphasizing the risks of social engineering attacks. Employees should be cautious of any unsolicited messages, even if they appear to come from a senior official,” the advisory states.

Rise in Cybercrime Incidents

The warning comes amid a sharp increase in cybercrime incidents targeting corporate entities. According to data from the National Cyber Crime Reporting Portal, there has been a 30% rise in such scams in the past year. The 'Boss Scam' is particularly dangerous because it exploits the hierarchical structure of organizations, where employees are conditioned to follow instructions from superiors.

Experts suggest that companies should also implement multi-factor authentication for financial transactions and use secure communication platforms for sensitive requests. “The key is to break the automatic obedience to authority. Employees must be empowered to question unusual requests, even from top management,” said cybersecurity analyst Rajesh Kumar.

What to Do If Targeted

If an employee receives a suspicious message, they should not respond to it and should immediately report it to the organization's IT department. CERT-In advises against clicking on any links or downloading attachments from such messages. Victims should also file a complaint on the National Cyber Crime Reporting Portal (cybercrime.gov.in) or call the helpline number 1930.

The government has also urged WhatsApp users to enable two-step verification and adjust privacy settings to limit who can see their profile photo and status updates. This can reduce the risk of scammers using a user's image to impersonate them.
