The 'Boss Scam': I4C warns of cyber fraud targeting CEOs, firms

New Delhi: The Indian Cyber Crime Coordination Centre (I4C), under the union home ministry, on Monday said it has observed an emerging trend in cybercrime referred to as the 'Boss Scam' or CEO impersonation fraud.

Cybercriminals are targeting high-ranking officials and executives by delivering malicious archives via email or WhatsApp under the guise of urgent regulatory compliance. Once executed, the malware compromises the executive's Windows device and active Web WhatsApp sessions, enabling fraudsters to message subordinate employees and orchestrate fraudulent financial transfers, according to I4C.

Also Read: What is ‘WhatsApp Screen Mirroring Fraud’ that can drain your bank account and lead to identity theft?


While sharing the modus operandi, I4C noted that sophisticated cybercriminals contact CEO or high-ranking officials via email or WhatsApp, impersonating regulators such as the Reserve Bank of India. The communication falsely claims regulatory violation or mandates an urgent security improvement, demanding a response within a very short timeframe.

The message purportedly contains a compressed . zip archive. Inside this archive is a malicious executable (. exe) accompanied by a Dynamic Link Library (. dll) file. As seen in multiple cases, the CEO forwards the message to the finance officer. Upon receiving the message, the executive extracts and executes the file on a Windows desktop or laptop, a Trojan dropper is initiated. The malware establishes a persistent foothold, compromises the system, and hijacks the active Web WhatsApp session tokens, the I4C said in an advisory.

Also Read: PSBs told to tighten scrutiny of government accounts amid fraud concerns

It said finance departments of the companies should verify the request of any urgent financial transactions or account changes based solely on a WhatsApp text or email.