The Union Home Ministry has sounded an alarm over an emerging cyber fraud dubbed the “Boss Scam”, warning that cybercriminals are impersonating regulators to compromise the devices and WhatsApp accounts of top executives and trick companies into transferring money to fraudulent bank accounts.
In an advisory issued by the National Cybercrime Threat Analytics Unit (NCTAU) under the Indian Cyber Crime Coordination Centre (I4C), the Ministry said fraudsters were increasingly targeting chief executive officers and other senior officials through email and WhatsApp messages masquerading as urgent communications from regulatory authorities.
According to the advisory, the attackers create a sense of urgency by falsely alleging regulatory violations or demanding immediate security upgrades. Regulators such as the Reserve Bank of India (RBI) are among the institutions whose identities are being misused.
The communication contains a compressed file which, once opened, installs malware on Windows devices. The malicious software then compromises active WhatsApp Web sessions, allowing cybercriminals to send messages from the executive’s genuine account to finance personnel or subordinate employees.
Posing as the CEO, the fraudsters instruct staff to transfer money to bank accounts controlled by them.
“In multiple cases, the CEO forwards the message to the finance officer,” the advisory noted, highlighting how the scam exploits trust within organisations.
The Home Ministry also warned of a more sophisticated variant in which attackers gain complete control over a device and secretly alter the contact list, saving an attacker-controlled number under the name of the company’s chief executive.
The advisory stressed that regulators do not send mandatory software updates or security fixes through WhatsApp attachments and urged organisations to treat such communications with caution.
Companies have been advised to verify requests involving urgent financial transactions or changes in bank details through direct voice calls or face-to-face confirmation rather than relying solely on text messages or emails.
Victims or those encountering suspicious applications have been urged to report incidents through the cybercrime helpline number 1930 or the National Cyber Crime Reporting Portal.
