I4C Warns Indian Companies of Rising 'Boss Scam' CEO-Impersonation Cyber Fraud
India's cybercrime coordination agency has flagged an emerging 'Boss Scam' in which fraudsters impersonate regulators and executives to push urgent, fraudulent money transfers at companies.
The NE Times Technology Desk
Commentary & Analysis ·

The Indian Cyber Crime Coordination Centre (I4C), which operates under the Union Home Ministry, has issued a warning to companies about an emerging fraud it calls the 'Boss Scam', a form of CEO-impersonation attack aimed squarely at senior executives and the businesses they run. The advisory describes a scheme that blends social engineering with malware to engineer fraudulent financial transfers.
How the scam works
According to the advisory, cybercriminals pose as regulators, including by invoking the name of bodies such as the Reserve Bank of India, and send urgent compliance-themed messages over email or WhatsApp. The pressure of an apparently official, time-sensitive demand is designed to short-circuit the normal checks an employee would otherwise apply.
The technical hook is a malicious archive file. Once opened, it can compromise Windows devices and hijack active Web WhatsApp sessions, allowing fraudsters to message colleagues from what looks like a trusted account and push through fraudulent transfers before anyone verifies the request.
Why executives are the target
Senior leaders are attractive marks because their instructions carry weight: a payment request that appears to come from a chief executive is more likely to be actioned quickly and questioned less. By impersonating a boss or a regulator, attackers exploit hierarchy and urgency together, two of the most reliable levers in financial fraud.
What companies are advised to do
The advisory places verification of urgent financial requests, endpoint security and staff awareness at the centre of corporate cyber safety. In practice that means treating any out-of-band payment instruction as suspect until confirmed through a separate, trusted channel, and not relying on the messaging app the request arrived through.
- Fraudsters impersonate regulators such as the RBI and senior executives.
- Urgent compliance-themed lures arrive via email or WhatsApp.
- Malicious archive files can compromise Windows devices and Web WhatsApp sessions.
- Verify all urgent financial requests through a separate trusted channel.
- Strengthen endpoint security and run regular staff awareness training.
“Verification of urgent financial requests, endpoint security and staff awareness are central to corporate cyber safety.”
— I4C advisory
The warning lands amid a broader rise in socially engineered fraud targeting organisations rather than individuals, where a single compromised session can expose an entire company's payment workflows. As remote work and messaging apps blur the line between personal and corporate communication, the attack surface for impersonation grows.
For Indian firms, the practical takeaway is cultural as much as technical: building a workplace where pausing to verify a 'boss's' urgent instruction is encouraged, not penalised, may prove the strongest defence against the Boss Scam.
The NE Times View
The 'boss scam' works because it exploits hierarchy and urgency, the instinct to comply when authority demands speed, which no firewall can patch. I4C's alert is timely, but advisories alone won't stop it; Indian firms need mandatory verification protocols for high-value transfers and finance staff trained to slow down under pressure. As deepfake voice and video tools spread, impersonation will only get more convincing, and the weakest link remains human.
This article is original commentary and analysis by The NE Times. Background facts were referenced from The Economic Times and I4C.
You may also like to read

Boss Scam Advisory Warns Indian Companies Over Executive Impersonation Fraud
Indian firms are being warned about the rising Boss Scam, in which fraudsters impersonate senior executives to push urgent payments or data transfers, exploiting hierarchy and trust rather than technical weakness.

I4C Warns Companies About Malware-Driven 'Boss Scam' Targeting Executives
India's cybercrime coordination body has flagged a 'Boss Scam' in which fraudsters impersonate senior executives, hijack WhatsApp sessions and push finance teams into urgent money transfers.

Tata Electronics Cyber Incident Raises Supply-Chain Data Questions
Tata Electronics has confirmed a cybersecurity incident after a ransomware group claimed to post over 200,000 files allegedly tied to Apple and Tesla component designs, spotlighting India's electronics supply-chain security.

India Monitoring Telegram After Report Flags Illegal Content Risks
A government report cited by Reuters says authorities are proactively tracking Telegram groups over concerns about child abuse material and financial scams.
More from this section
More
ISRO Fires Semi-Cryogenic Engine Power Head at 175 Tonnes in Landmark Hot Test
ISRO successfully ran its indigenous semi-cryogenic engine power head at 175 tonnes of thrust, clearing a key hurdle toward powering the LVM3 upgrade and the Next Generation Launch Vehicle.

India Tech Funding Climbs to $7.2 Billion in H1 2026 Even as Deal Count Slumps
Indian tech startups raised $7.2 billion in the first half of 2026, up 12 per cent year-on-year, but the number of funding rounds fell sharply as capital concentrated in a handful of mega-deals.

OnePlus N6 Headlines a Crowded End-June Gadget Calendar in India
The OnePlus N6, with its 8,000mAh battery and sub-Rs 25,000 price tag, leads a busy late-June run of smartphone launches in India spanning OnePlus, Oppo and Samsung.