Boss scam in India cases have prompted the country’s securities regulator to warn listed companies and regulated entities about cybercriminals impersonating senior executives to secure fraudulent financial transfers.
The Securities and Exchange Board of India issued the warning on July 17 after receiving information from the Indian Cyber Crime Coordination Centre about a rise in the cyber fraud targeting executives, finance officers and other employees with access to company funds.
Known as a boss scam or CEO impersonation scam, the fraud relies on criminals pretending to be chief executives, managing directors or other senior officials. Employees are then instructed to make urgent payments to accounts controlled by the attackers.
SEBI said criminals may contact company employees through email, WhatsApp, Microsoft Teams and social media. The boss scam in India can also involve malware designed to compromise an executive’s computer or hijack an active WhatsApp Web session.
Once access is secured, criminals can issue payment instructions from an authentic executive account, making the corporate financial fraud more difficult for employees to identify.
How the boss scam in India targets finance teams
The boss scam in India primarily exploits the authority associated with senior management positions. Fraudsters create a sense of urgency and may tell employees that a payment must be completed immediately for a confidential transaction, regulatory requirement or commercial obligation.
Finance executives, accountants and employees authorised to process payments are particularly vulnerable because their roles give them direct access to corporate bank accounts and payment systems.
In a basic CEO impersonation scam, the criminal creates a fake email address, messaging account or social media profile resembling that of a senior executive. The fraudster may use the executive’s name, photograph and job title to make the communication appear genuine.
The employee is then asked to transfer money to specified mule bank accounts. The request may include instructions not to consult colleagues because the transaction is supposedly confidential or commercially sensitive.
These tactics are intended to prevent the employee from independently confirming the request. By combining urgency, secrecy and senior authority, the boss scam in India places employees under pressure to bypass normal financial controls.
Malware variant enables WhatsApp account takeover
A more sophisticated version of the boss scam in India begins with a malware attack targeting a chief executive or another senior company official.
According to the I4C advisory, cybercriminals may contact an executive through email or WhatsApp while impersonating a regulator, including the Reserve Bank of India. The message may falsely claim that the company has committed a regulatory violation or must urgently install a security update.
The communication can contain a compressed ZIP archive holding a malicious executable file and a Dynamic Link Library file. If the files are extracted and executed on a Windows computer, the malware can establish access to the device.
The malware attack may also compromise active WhatsApp Web session tokens. This can allow the fraudster to conduct a WhatsApp account takeover and send messages through the executive’s genuine account.
The attacker can then contact finance employees and instruct them to make immediate transfers to mule bank accounts. Since the request appears to originate from a legitimate executive account, employees may not recognise it as a CEO impersonation scam.
Another variation involves manipulating the compromised device’s contact list. The fraudster may save an attacker-controlled phone number under the chief executive’s name before using that number to send fraudulent payment instructions.
SEBI cyber fraud warning focuses on payment verification
The SEBI cyber fraud warning advised regulated entities and listed companies to ensure that employees do not transfer funds solely on the basis of instructions received through social media or messaging platforms.
An urgent payment request received through WhatsApp, email or Microsoft Teams should be independently confirmed through an established company channel. Employees can contact the executive directly by telephone or seek in-person confirmation before authorising the transaction.
The boss scam in India succeeds when employees treat digital messages as sufficient proof of authorisation. SEBI’s warning therefore places particular importance on verification procedures capable of operating even when a genuine executive account has been compromised.
Companies may also require multiple approvals for large or unusual payments. A dual-authorisation process can reduce the likelihood of a single employee processing a fraudulent transaction without further scrutiny.
Payment requests involving a new beneficiary, a sudden change in bank account details or an unusual demand for confidentiality should receive additional examination.
Why senior executives are being targeted
Senior executives are valuable targets because their identities carry authority within an organisation. Their instructions may receive immediate attention, particularly when sent to junior employees or finance teams responsible for completing urgent payments.
Executives also communicate regularly with regulators, legal advisers, auditors and financial institutions. Criminals can exploit these professional responsibilities by disguising malware as regulatory correspondence or compliance documentation.
The boss scam in India demonstrates how a compromised executive device can expose an entire organisation to corporate financial fraud. The initial victim may be the chief executive, but the financial request is ultimately directed at an employee responsible for transferring company funds.
This method combines technical intrusion with social engineering. Malware provides access to the executive’s device or account, while psychological pressure persuades the employee to act without conducting proper checks.
Corporate cybersecurity measures against CEO impersonation scams
Companies responding to the boss scam in India should combine technical protections with stronger internal payment controls.
The I4C advisory recommends that executives and employees avoid installing executable files received from unknown or unverified sources. Regulators such as the Reserve Bank of India do not distribute mandatory security updates through WhatsApp attachments.
System administrators can establish software restriction policies to prevent unknown executable and DLL files from running through user profile directories. Windows devices should also be protected by updated security tools capable of detecting malware.
Executives should regularly inspect the linked devices section of WhatsApp and log out of WhatsApp Web sessions that are no longer being actively used. Unknown linked devices may indicate that an account or session has been compromised.
Corporate cybersecurity training should also explain that messages sent from an authentic account are not automatically trustworthy. A WhatsApp account takeover can allow criminals to communicate through the same profile previously used by the genuine executive.
Companies should maintain written procedures for verifying urgent payments, changing beneficiary details and responding to requests from senior management. Employees should be authorised to delay a transaction until the instruction has been independently confirmed.
Boss scam in India highlights social engineering risks
The boss scam in India reflects a wider shift in cybercrime towards attacks that combine malware, impersonation and manipulation of workplace hierarchies.
Traditional cybersecurity systems may detect suspicious files or unauthorised access, but they cannot fully prevent an employee from voluntarily completing a transfer after receiving what appears to be a genuine instruction.
Effective protection therefore depends on both corporate cybersecurity and organisational discipline. Companies must secure executive devices while ensuring that no employee is expected to bypass payment controls because a request appears urgent or comes from senior management.
SEBI’s intervention extends the warning to India’s regulated financial sector and listed companies, where fraudulent transfers can create financial, operational and reputational consequences.
The boss scam in India also shows that cybercriminals are adapting their methods to commonly used corporate communication tools. Email, WhatsApp, Microsoft Teams and social media platforms can all be used to create convincing instructions and pressure employees into acting quickly.
Suspected cyber fraud can be reported through India’s cybercrime helpline at 1930 or through the National Cyber Crime Reporting Portal. Prompt reporting may assist authorities and financial institutions in tracing fraudulent transfers and identifying mule bank accounts.
Published in SouthAsianDesk, July 19, 2026
Follow SouthAsianDesk on X, Instagram and Facebook for insights on business and current affairs from across South Asia.



