SEBI Warns Against 'Boss Scam' Cyber Fraud
SEBI cautions listed firms, warns of rising cyber fraud, advises verification of requests

The Securities and Exchange Board of India (SEBI) has issued a warning to listed companies and regulated entities against a growing cyber fraud known as the 'Boss Scam'. This scam involves fraudsters impersonating senior executives, such as chief executives or managing directors, to trick finance teams into transferring funds.
The warning comes after the Indian Cyber Crime Coordination Centre (I4C) flagged a rise in CEO/MD impersonation fraud targeting organisations through various platforms, including email, WhatsApp, and Microsoft Teams. According to SEBI, fraudsters use various tactics, including artificial intelligence tools like voice cloning and deepfake video calls, to make the impersonation appear genuine.
In some cases, fraudsters send a compressed ZIP file containing malicious software, which hijacks active WhatsApp Web sessions when opened on a Windows device. This allows the fraudsters to gain access to the victim's account and send payment instructions to finance or accounts personnel. Additionally, cybercriminals may alter the contact list on a compromised device, saving their own number under the name of the CEO or Managing Director, to deceive employees into executing fund transfers.
SEBI has advised listed companies and regulated entities to independently verify requests received through WhatsApp, email, or social media by directly calling the concerned senior official. The regulator has also cautioned organisations against transferring funds solely on the basis of instructions received through social media platforms and advised them to avoid installing executable files without first verifying the sender's identity.
Furthermore, SEBI has urged entities to log out of inactive WhatsApp Web sessions and immediately report cyber fraud incidents by calling the national cybercrime helpline 1930 or through the Cyber Crime portal. The regulator's advisory is aimed at preventing the growing incidence of 'Boss Scam' cyber fraud, which has been observed by I4C to be increasingly targeting high-ranking officials and finance executives.
The 'Boss Scam' is a type of cyber fraud that can have serious financial consequences for organisations. It is essential for listed companies and regulated entities to be vigilant and take necessary precautions to prevent such scams. By verifying requests and being cautious when receiving instructions through social media platforms, organisations can protect themselves from falling victim to this type of cyber fraud.
SEBI's warning is a timely reminder of the importance of cybersecurity in the digital age. As technology continues to evolve, cybercriminals are finding new ways to exploit vulnerabilities and commit fraud. It is crucial for organisations to stay ahead of these threats by implementing robust cybersecurity measures and educating employees on how to identify and prevent cyber scams.
In the context of the Indian economy, the 'Boss Scam' cyber fraud is a significant concern. With the increasing use of digital platforms for financial transactions, the risk of cyber fraud is on the rise. SEBI's advisory is an important step in preventing such scams and protecting the interests of investors and organisations.
In conclusion, SEBI's warning against the 'Boss Scam' cyber fraud is a crucial reminder of the importance of cybersecurity in the digital age. By taking necessary precautions and being vigilant, listed companies and regulated entities can protect themselves from falling victim to this type of cyber fraud and prevent significant financial losses.