The Indian Cyber Crime Coordination Centre (I4C) on Monday issued an advisory warning companies about a growing cyber fraud known as the "Boss Scam" and cautioned organisations and senior executives to stay vigilant.

What is Boss Scam?

Also known as CEO impersonation fraud, the Boss Scam is a form of cyber-enabled financial fraud in which criminals pose as senior executives to trick employees into making unauthorised payments or sharing sensitive information. In this scam, fraudsters exploit organisational hierarchy and convince employees to process transactions by making them believe the instructions have come from their senior management. 
According to the I4C advisory, the latest variant of the scam begins with cybercriminals impersonating regulators such as the Reserve Bank of India (RBI) and sending urgent messages to CEOs or other senior officials via email or WhatsApp. The messages claim a regulatory violation or mandate an immediate security update and contain a malicious file disguised as a compliance document. 

How do fraudsters execute Boss Scam?

The message contains a compressed ZIP archive that appears legitimate but includes malware. 
“The message contains a compressed .zip archive. Inside this archive is a malicious executable (.exe) accompanied by a Dynamic Link Library (.dll) file. As seen in multiple cases, the CEO forwards the message to finance officer.”
Once the file is opened on a Windows device, the malware gains access to the system and can hijack active WhatsApp Web sessions, allowing fraudsters to gain control of official communication channels used by the targeted individual. 
If the attacker achieves complete device takeover, they covertly modify the device's contact list, saving a fraudulent, attacker-controlled phone number under the name of the "CEO", and use that secondary number to instruct employees to transfer funds, the advisory stated.

How to prevent Boss Scam?

In its advisory, the I4C asked organisations to adopt stricter verification and cybersecurity practices to guard against Boss Scam attacks. It directed that finance teams should independently verify any request for urgent payments or account changes received through WhatsApp or email, preferably through a direct phone call or in-person confirmation. 
The agency also cautioned executives and employees against downloading or installing files received from unknown sources, noting that regulators such as the RBI do not distribute software updates or security fixes through WhatsApp attachments. 
Additionally, it urged companies to regularly review linked devices on WhatsApp, deploy updated malware detection tools on Windows systems, and implement software restriction policies that block the execution of unauthorised files. 
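
The archive pattern the advisory describes (a .zip carrying an .exe together with a .dll) can be checked at a mail or file gateway before anyone opens the attachment. The Python below is an added example, not part of the I4C advisory; the function names, verdict labels and sample file names are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath


def triage_zip(data: bytes) -> dict:
    """Inspect a ZIP attachment by listing its entries; nothing is extracted or run."""
    result = {"exe": [], "dll": [], "verdict": "allow"}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Unparseable archive: hold it for manual review instead of delivering it.
        result["verdict"] = "quarantine"
        return result
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Normalise separators, and drop trailing dots/spaces, which
            # Windows ignores when it resolves a file name.
            name = info.filename.replace("\\", "/").rstrip(" .")
            suffix = PurePosixPath(name).suffix.lower()
            if suffix == ".exe":
                result["exe"].append(info.filename)
            elif suffix == ".dll":
                result["dll"].append(info.filename)
    if result["exe"] and result["dll"]:
        # The combination named in the advisory: executable plus accompanying DLL.
        result["verdict"] = "block"
    elif result["exe"] or result["dll"]:
        result["verdict"] = "quarantine"
    return result


def build_sample(names) -> bytes:
    """Build an in-memory ZIP with harmless placeholder content (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(["Compliance_Notice/Update.EXE", "Compliance_Notice/helper.dll"])
    print(triage_zip(sample))
```

A check like this complements, and does not replace, the software restriction policies and malware detection tools the advisory recommends.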
