The Securities and Exchange Board of India (SEBI) on Friday issued a warning to listed companies and regulated organisations over a growing cybercrime known as the ‘Boss Scam’, in which scammers pose as senior executives in order to embezzle money.The market regulator reported that the Indian Cyber Crime Coordination Centre had informed it of a new trend involving the use of digital communication technologies to impersonate managing directors (MDs) or chief executive officers (CEOs).Typically, they instruct finance staff to carry out urgent fund transfers by pretending to be top executives via email, WhatsApp, Microsoft Teams, or other social media platforms. These messages, which include sensitive or unreleased material, are frequently made to look private and may deter verification.Sebi pointed out that criminals were increasingly impersonating business executives using sophisticated methods like deep-fake voice duplication and artificial intelligence (AI)-generated video conversations.Furthermore, to grant their requests more legitimacy, they may also start fraudulent social media groups. Sending harmful files that contain malware is another technique. These files have the potential to infiltrate systems, take over WhatsApp web sessions and allow fraudsters to transmit payment instructions from authentic accounts once they are opened.Sebi cautioned that hackers might even change contact information on hacked devices, substituting fake numbers for real ones to trick workers into sending money.“The malware hacks the system and hijacks the active Web WhatsApp session tokens. The fraudster gets access to the finance officer’s WhatsApp account and then contacts accounts or finance employees, instructing them to make immediate payments to specified mule bank accounts,” Sebi added.Sebi has advised entities to exercise caution and immediately contact the relevant authority to verify any financial instructions received through digital channels.Additionally, it has urged organisations not to install files from unverified sources and rely solely on communications received through social media platforms. Entities have also been advised to promptly report any cyber incidents through the national cybercrime helpline or the designated online reporting portal.


