The Telangana Cyber Security Bureau (TGCSB) has alerted citizens, government departments, public sector organisations, private companies, and business establishments about an emerging cyber fraud trend known as the “Boss Scam” or CEO Impersonation Fraud.
As per an advisory issued by the Indian Cyber Crime Coordination Centre (I4C), cybercriminals are targeting senior executives, government officials, business owners, and organisational leaders through malicious files sent via email and WhatsApp under the guise of urgent regulatory or compliance-related communications, said Shikha Goel, Director, TGCSB.
She said in a release on Wednesday that more than 300 complaints have been reported across the country within a span of nearly 20 days, indicating a significant increase in such incidents.
Explaining how the scam works, she said that fraudsters send emails or WhatsApp messages containing malicious ZIP/RAR files disguised as compliance documents, notices, or urgent communications. Once opened, malware gets installed on the victim’s device. The malware enables unauthorised access to active Web WhatsApp sessions and other information.
Cybercriminals then impersonate senior officials and send fraudulent instructions to employees or finance teams. Victims are pressured into making urgent financial transfers or sharing confidential information.
According to the TGCSB director, unexpected ZIP/RAR attachments, ‘urgent compliance’ or ‘immediate action required’ messages, requests for confidential financial transactions, instructions received only through email or WhatsApp, requests to bypass established approval procedures and pressure to act immediately without verification are the red flags.
She suggested safety measures, including verification of financial instructions through a direct phone call or official communication channel. Do not open suspicious attachments or files received from unknown or unverified sources. Regularly review active Web WhatsApp sessions and log out from unused devices. Enable Multi-Factor Authentication (MFA) wherever possible. Follow established organisational approval processes for financial transactions. Conduct regular cyber awareness training for employees.
“If you suspect a Boss Scam, do not respond to the message. Do not open the attachment. Verify the request independently through a trusted channel. Inform your IT/Security team immediately and preserve relevant evidence and report the incident without delay,” she said.
