'Boss Scam' alert: Cybercriminals hijack executives' WhatsApp accounts to trick staff into transferring money
A new cyber fraud, the 'Boss Scam,' is targeting top executives, according to the Indian Cyber Crime Coordination Centre. Criminals are sending malicious files disguised as urgent compliance documents via email or WhatsApp. Once opened, malware gr...

According to I4C, the fraudsters send malicious archive files via email or WhatsApp, disguising them as urgent regulatory compliance documents. The files are designed to appear legitimate and prompt immediate action from the recipients.
Once the archive is opened and the malware is executed, the attackers gain access to the executive's Windows device and active Web WhatsApp sessions. The compromise allows cybercriminals to impersonate the executive and communicate directly with subordinate employees.
Using the hijacked accounts, fraudsters then instruct employees to make urgent financial transfers or carry out other transactions, leveraging the authority and trust associated with senior leadership positions.
I4C said the scam represents a growing trend in cybercrime that exploits both malware and social engineering techniques to deceive employees and bypass traditional verification mechanisms.
The cybercrime coordination centre has asked organisations and executives to exercise caution when receiving unsolicited files, particularly those claiming to involve urgent compliance requirements, and to verify any financial instructions received through messaging platforms before acting on them.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.