Boss Scam Cyber Fraud

The Indian Cyber Crime Coordination Centre (I4C) has warned organizations about the rising ‘Boss Scam’ or CEO impersonation fraud. Learn how the scam works, its cybersecurity risks, and preventive measures.


Why in News?

The Indian Cyber Crime Coordination Centre (I4C), operating under the Ministry of Home Affairs (MHA), issued an advisory on 22 June 2026 warning individuals and organizations about a growing cyber fraud known as the “Boss Scam” or CEO impersonation fraud.

The scam exploits trust, urgency, and compromised digital accounts to induce unauthorized financial transfers through email and messaging platforms such as WhatsApp.

What is the Boss Scam?

The Boss Scam is a form of social engineering attack in which cybercriminals impersonate senior officials such as:

  • Chief Executive Officers (CEOs)
  • Managing Directors (MDs)
  • Chief Financial Officers (CFOs)
  • Senior Government or Regulatory Officials

Fraudsters send urgent instructions requesting immediate fund transfers, often targeting finance departments and subordinate employees who may comply without verification.

How Does the Boss Scam Fraud Work?

The scam typically follows a multi-stage process:

  1. Malicious Files Sent
    • Criminals send archive files through email or WhatsApp disguised as regulatory notices, compliance documents, or urgent business communications.
  2. Malware Infection
    • When the file is opened, malware infects the victim’s device, particularly Windows-based systems.
  3. Account Hijacking
    • The malware may compromise active Web WhatsApp sessions and gain access to genuine executive accounts.
  4. Impersonation and Fund Transfer Requests
    • Using the legitimate account, fraudsters send urgent payment instructions to finance teams or employees.
  5. Authority-Based Pressure
    • In some cases, attackers falsely claim association with institutions such as the Reserve Bank of India (RBI) to create fear and urgency.

The fraud relies on three key elements: urgency, authority, and digital account compromise.

I4C Advisory and Preventive Measures

The I4C has recommended several cybersecurity precautions:

  • Verify financial instructions through a separate communication channel.
  • Avoid opening unsolicited attachments, even if they appear work-related.
  • Strengthen cybersecurity awareness among employees.
  • Use multi-factor authentication wherever possible.
  • Monitor active Web WhatsApp sessions and log out from unused devices.
  • Implement strict approval mechanisms for high-value transactions.
  • Exercise caution when receiving urgent requests involving payments or compliance matters.

Organizations are also advised to regularly conduct cybersecurity training and incident-response exercises.

What is Social Engineering?

Social Engineering refers to cyberattacks that manipulate individuals into revealing confidential information or performing actions such as transferring funds, opening malicious files, or sharing credentials. Common examples include phishing, CEO fraud, and impersonation scams.

Boss Scam: Important Facts for Exams

  • I4C (Indian Cyber Crime Coordination Centre) functions under the Ministry of Home Affairs.
  • Boss Scam is also known as CEO impersonation fraud.
  • The fraud primarily uses social engineering techniques.
  • Web WhatsApp sessions can be compromised through malware infection.
  • Cybercriminals sometimes impersonate regulators such as the Reserve Bank of India (RBI).
  • Social engineering attacks exploit human psychology rather than technical vulnerabilities alone.
