Context
The Securities and Exchange Board of India (SEBI) has advised regulated entities and listed companies to strengthen internal controls against the growing threat of ‘Boss Scam’, a cyber fraud involving the impersonation of senior executives to induce unauthorised fund transfers.
About Boss Scam
- The fraud increasingly relies on Artificial Intelligence (AI) and deepfake technology, including voice cloning, fake video calls, and fabricated social media profiles, to make fraudulent instructions appear genuine.
- Fraudsters typically create a sense of urgency by directing employees to transfer money to designated bank accounts. They may also falsely claim that the transaction relates to Unpublished Price Sensitive Information (UPSI) to discourage verification or disclosure.
- Another common technique involves sending compressed ZIP files containing malware. Once opened, the malware can compromise the user’s device and hijack active WhatsApp Web sessions.
- After gaining access, attackers send fraudulent payment requests through the victim’s WhatsApp account or replace executive contact details with their own numbers, making the messages appear authentic.
- The scam exploits organisational trust, urgency, and weak verification procedures, underscoring the importance of robust cybersecurity measures, independent verification of financial instructions, and regular employee awareness programmes.

