Police Issue Warning Over "Boss Scam" Targeting Senior Executives, Finance Staff

Thiruvananthapuram: Police have issued a caution notice over a new type of cyber fraud targeting senior officials at major institutions and companies, as well as finance department employees. The warning comes amid a surge in such scams, known as "Boss Scam" or "CEO Impersonation Fraud."

The fraud typically begins with fake urgent messages sent in the name of the RBI or official audit teams, designed to create panic among employees. Fraudsters then send malware-laden files through ZIP attachments to gain control of computers at the targeted institution. They also create fake profiles of senior officials or take over their existing accounts.

Once they gain control of the computers, the fraudsters use employees' WhatsApp Web sessions to send fake messages impersonating the CEO, demanding urgent money transfers — and use this to siphon off funds from the organisation.

Employees at institutions are advised to take particular care: financial transactions should never be carried out solely on the basis of WhatsApp or email messages. Before transferring large sums, senior officials should be contacted directly by phone to confirm the request. ZIP, EXE or DLL files received from unknown sources should never be opened under any circumstances. WhatsApp's "linked devices" list should be checked regularly to ensure security. Organisations should also put in place systems requiring multiple-person authorisation for financial transactions. Police said anyone who falls victim to such fraud should immediately report it on the helpline number 1930 or via the official website www.cybercrime.gov.in.