I4C issues nationwide alert over sophisticated ‘Boss Scam’

The Indian Cyber Crime Coordination Centre (I4C) of the Ministry of Home Affairs (MHA) has sounded the alarm over a sophisticated new variant of cyber fraud known as the “Boss Scam” or CEO impersonation fraud, in which criminals use malware to compromise the devices and WhatsApp accounts of top executives before directing subordinates to transfer large sums of money to fraudulent accounts.
In an advisory issued on Monday by its National Cybercrime Threat Analytics Unit (NCTAU), the I4C warned that cybercriminals are increasingly impersonating regulatory bodies, such as the Reserve Bank of India (RBI), to trick high-ranking officials into opening malicious files sent via email or WhatsApp. The scam typically begins with a seemingly urgent message claiming regulatory violations or the need for immediate security upgrades. The communication contains a compressed ZIP archive holding a malicious executable (.exe) and a Dynamic Link Library (.dll) file.
Once the executive extracts and runs the file on a Windows device, a Trojan dropper installs itself, establishes persistence, and hijacks active WhatsApp session tokens.
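The delivery pattern described above (a ZIP archive carrying an .exe together with a .dll) can be screened for before an attachment reaches an executive's inbox. The following is an added example, not part of the I4C advisory; the function names, verdict labels, extension set and size limit are assumptions chosen for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

EXE_EXT = {".exe", ".scr", ".com"}   # assumption: extensions treated as directly runnable
MAX_NESTED_BYTES = 10 * 1024 * 1024  # assumption: do not unpack larger inner archives

def inspect_zip(data, depth=0, max_depth=2):
    """List executables and DLLs in a ZIP attachment and return a verdict."""
    result = {"exe": [], "dll": [], "encrypted": False, "verdict": "pass"}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return dict(result, verdict="unreadable")
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            encrypted = bool(info.flag_bits & 0x1)  # password-protected member
            result["encrypted"] |= encrypted
            # Windows drops trailing dots and spaces, so "a.exe." still runs as a.exe
            name = info.filename.replace("\\", "/").rstrip(". ")
            ext = PurePosixPath(name).suffix.lower()
            if ext in EXE_EXT:
                result["exe"].append(name)
            elif ext == ".dll":
                result["dll"].append(name)
            elif (ext == ".zip" and not encrypted and depth < max_depth
                  and info.file_size <= MAX_NESTED_BYTES):
                inner = inspect_zip(archive.read(info), depth + 1, max_depth)
                result["exe"] += [f"{name}/{n}" for n in inner["exe"]]
                result["dll"] += [f"{name}/{n}" for n in inner["dll"]]
                result["encrypted"] |= inner["encrypted"]
    if result["exe"] and result["dll"]:
        result["verdict"] = "block"        # the .exe + .dll pairing from the advisory
    elif result["exe"] or result["dll"] or result["encrypted"]:
        result["verdict"] = "quarantine"   # hold for analyst review before delivery
    return result

def build_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample: file names and contents are placeholders, not real indicators.
lure = build_zip({"Compliance_Notice.pdf.exe": b"MZ", "helper.dll": b"MZ"})
print(inspect_zip(lure))
```

The check matches on member names only, so it complements rather than replaces content scanning of the extracted files.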
Armed with access to the legitimate WhatsApp account, the fraudsters then contact finance or accounts personnel and issue instructions for immediate transfers of funds to mule bank accounts. In some variants, attackers gain deeper control over the device and secretly alter the contact list, saving a fraudulent number under the CEO’s name to issue payment directives that appear to come from a trusted source.
The scam poses a ‘High-Value Fraud Risk’. This method is particularly dangerous because instructions appear to come directly from the executive’s verified WhatsApp account, making them difficult to question. The I4C noted that the scam has been observed in multiple cases where targeted officials forwarded the malicious archive to finance teams, inadvertently expanding the attack surface within organisations.
The warning comes amid a rise in incidents of executive impersonation fraud in India. In one recent high-profile case, former Rajya Sabha MP Naresh Gujral was allegedly defrauded of approximately Rs 7.8 crore through a messaging-app impersonation scheme targeting his company’s chief financial officer.

Precautions Urged

The I4C has issued the following key recommendations for organisations and individuals: Finance departments must never process urgent financial transactions or account changes based solely on WhatsApp messages or emails, even if they appear to come from senior executives. All such requests should be verified by a direct voice call to the executive’s known official number or by in-person confirmation.
Organisations are advised to implement strict dual-verification protocols for high-value payments and to educate staff on these evolving tactics.
Victims or those who suspect they have been targeted are urged to immediately dial the national cybercrime helpline at 1930 or file a complaint on the National Cyber Crime Reporting Portal at cybercrime.gov.in. Prompt reporting can help authorities trace and freeze fraudulent transactions.
Cyber-security experts note that the “Boss Scam” represents an evolution of traditional Business Email Compromise (BEC) attacks, combining social engineering with malware to achieve account takeover and sustained impersonation.
As India continues to grapple with rising cybercrime, the I4C’s latest advisory underscores the need for heightened vigilance, especially within corporate hierarchies, where trust and urgency can be exploited to devastating financial effect. Organisations are encouraged to review their internal verification procedures and conduct awareness sessions to mitigate the risk of falling victim to this emerging threat.















