Business

Sebi warns listed firms, regulated entities against rising ‘Boss Scam’ cyber fraud

Published

on

Markets regulator Sebi on Friday cautioned regulated entities and listed companies against an emerging cyber fraud known as the “Boss Scam”, in which fraudsters impersonate chief executives or other senior officials to trick finance teams into transferring funds.

The advisory follows an alert from the Indian Cyber Crime Coordination Centre (I4C), which has flagged a rise in CEO/MD impersonation fraud targeting organisations through email, WhatsApp, Microsoft Teams and other social media platforms.

According to Sebi, fraudsters impersonate senior executives and send messages or make calls directing subordinates to urgently transfer money to specified bank accounts. In some cases, fraudsters use artificial intelligence tools such as voice cloning and deepfake video calls to make the impersonation appear genuine.

The regulator said another method involves sending a compressed ZIP file containing malicious software. Once the file is opened on a Windows device, the malware hijacks active WhatsApp Web sessions, allowing fraudsters to gain access to the victim’s account and send payment instructions to finance or accounts personnel.

Advertisement

In some instances, cybercriminals may also alter the contact list on a compromised device, saving their own number under the name of the CEO or Managing Director to deceive employees into executing fund transfers, Sebi, said.

Live Events


“Fraudsters are targeting CEOs or high-ranking officials via email or WhatsApp by impersonating them. The communication through email/WhatsApp/Microsoft Teams/other social media platforms with their subordinates or counterparts, directs them to carry out instructions given to them resulting in transfer of funds to fraudsters,” Sebi said in a statement.
The regulator advised listed companies and regulated entities to independently verify requests received through WhatsApp, email or social media by directly calling the concerned senior official.It also asked organisations not to transfer funds solely on the basis of instructions received through social media platforms and to avoid installing executable files without first verifying the sender’s identity.

Further, Sebi urged entities to log out of inactive WhatsApp Web sessions and immediately report cyber fraud incidents by calling the national cybercrime helpline 1930 or through the Cyber Crime portal.

The regulator said it issued the advisory after I4C observed an increasing trend of cybercriminals targeting high-ranking officials and finance executives through CEO or MD impersonation schemes to fraudulently obtain fund transfers.

Advertisement

You must be logged in to post a comment Login

Leave a Reply

Cancel reply

Trending

Exit mobile version