Telangana Cyber Security Bureau alerts people about 'Boss Scam'
Hyderabad, June 24
The Telangana Cyber Security Bureau has alerted citizens, government departments, public sector organisations, private companies, and business establishments about an emerging cyber fraud trend known as the "Boss Scam" or CEO Impersonation Fraud.
As per an advisory issued by the Indian Cyber Crime Coordination Centre (I4C), cybercriminals are targeting senior executives, government officials, business owners, and organisational leaders through malicious files sent via email and WhatsApp under the guise of urgent regulatory or compliance-related communications, said Shikha Goel, Director, TGCSB.
She said in a release on Wednesday that more than 300 complaints have been reported across the country within a span of nearly 20 days, indicating a significant increase in such incidents.
Explaining how the scam works, she said that fraudsters send emails or WhatsApp messages containing malicious ZIP/RAR files disguised as compliance documents, notices, or urgent communications. Once opened, malware gets installed on the victim's device. The malware enables unauthorised access to active Web WhatsApp sessions and other information.
Cybercriminals then impersonate senior officials and send fraudulent instructions to employees or finance teams. Victims are pressured into making urgent financial transfers or sharing confidential information.
According to the TGCSB director, unexpected ZIP/RAR attachments, 'urgent compliance' or 'immediate action required' messages, requests for confidential financial transactions, instructions received only through email or WhatsApp, requests to bypass established approval procedures and pressure to act immediately without verification are the red flags.
She suggested safety measures, including verification of financial instructions through a direct phone call or official communication channel. Do not open suspicious attachments or files received from unknown or unverified sources. Regularly review active Web WhatsApp sessions and log out from unused devices. Enable Multi-Factor Authentication (MFA) wherever possible. Follow established organisational approval processes for financial transactions. Conduct regular cyber awareness training for employees.
"If you suspect a Boss Scam, do not respond to the message. Do not open the attachment. Verify the request independently through a trusted channel. Inform your IT/Security team immediately and preserve relevant evidence and report the incident without delay," she said.
— IANS
Reader Comments
Finally someone is speaking about this! My father owns a small business and almost fell for this. He got an email from "RBI Compliance Department" saying his account would be frozen unless he downloaded an attachment. These criminals are getting too smart 💀. Also, good to see TGCSB and I4C working together on this.
But why is this even happening? Banks and companies should implement stricter verification processes. Multi-factor authentication should be mandatory for all financial transactions, not just optional as suggested. We're losing crores to cyber fraud every year and the response feels reactive rather than preventive.
I work in IT security in Bangalore. The worst part is these ZIP/RAR files are often password-protected, making them harder for email scanners to detect. My advice for everyone: never open attachments from unknown senders, even if it says "urgent" or "regulatory." And always call your boss directly to confirm any financial request. Scammers are exploiting our habit of obeying authority figures. Be vigilant, India!
As an HR manager, I've already circulated this advisory to our entire team. The "pressure to act immediately" red flag is spot on. Just yesterday my assistant got a message from "me" asking for urgent payment of an invoice she'd never seen. If she hadn't been trained, we could have lost money. Thank you, TGCSB, for this awareness campaign! 🛡️
Good advisory but I feel it's still not enough. 300 complaints in 20 days means these scams are rampant.
We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.