I4C Warns Companies About Malware-Driven 'Boss Scam' Targeting Executives
India's cybercrime coordination body has flagged a 'Boss Scam' in which fraudsters impersonate senior executives, hijack WhatsApp sessions and push finance teams into urgent money transfers.
The NE Times Technology Desk
Commentary & Analysis ·

The Indian Cyber Crime Coordination Centre (I4C) has warned companies about a 'Boss Scam' in which fraudsters impersonate senior executives or regulators to pressure staff into urgent money transfers. Reports on 22 June 2026 said the fraud blends social engineering, malware and workplace hierarchy into a single, fast-moving attack.
How the scam works
According to the advisory, attackers may send malicious archive files through email or WhatsApp, disguising them as compliance or official documents. Once a target opens the file, the malware can compromise Windows devices and hijack active Web WhatsApp sessions.
From inside a hijacked account, the criminals message finance teams while appearing to be a genuine senior official, lending the request the authority of the chain of command and making a hurried transfer feel routine.
Why companies are vulnerable
The danger lies in the combination. Technical compromise gives the attacker a trusted identity, while the psychology of hierarchy discourages a junior employee from questioning what looks like a direct instruction from the top. Urgency is engineered deliberately to short-circuit normal checks.
Finance and accounts teams are the prime targets because they can authorise payments, and a single unverified transfer can move large sums before anyone notices the deception.
How to protect against it
The I4C has urged firms to build verification habits that do not depend on a single channel, and to treat unexpected payment instructions, however senior the apparent source, with caution.
- Verify all payment instructions through a second, independent channel.
- Avoid opening unknown executable or archive files from email or WhatsApp.
- Train finance and accounts teams to recognise urgency-based pressure.
- Secure and regularly review Web WhatsApp and other active sessions.
- Report suspected cybercrime quickly through official channels.
“Firms are being urged to verify payment instructions through a second channel and to report suspicious activity quickly.”
— I4C advisory, as reported
As impersonation tactics grow more technically sophisticated, the most reliable defence remains procedural: a culture in which verifying an unusual payment request is expected rather than awkward. For Indian companies, the I4C warning is a prompt to harden both their software and their habits.
The NE Times View
The 'Boss Scam' weaponises hierarchy itself, exploiting the instinct to obey a senior's urgent order. As fraud shifts from crude phishing to hijacked WhatsApp sessions, India's real vulnerability is cultural as much as technical: finance teams trained to comply, not question. I4C's alert is useful, but defence lies in dull discipline, payment verification protocols, callback rules and a workplace where double-checking the CEO is rewarded, not punished.
This article is original commentary and analysis by The NE Times. Background facts were referenced from NDTV and The Economic Times.
You may also like to read

I4C Warns Indian Companies of Rising 'Boss Scam' CEO-Impersonation Cyber Fraud
India's cybercrime coordination agency has flagged an emerging 'Boss Scam' in which fraudsters impersonate regulators and executives to push urgent, fraudulent money transfers at companies.

Boss Scam Advisory Warns Indian Companies Over Executive Impersonation Fraud
Indian firms are being warned about the rising Boss Scam, in which fraudsters impersonate senior executives to push urgent payments or data transfers, exploiting hierarchy and trust rather than technical weakness.

Telegram Faces Growing India Scrutiny After Home Ministry Cybercrime Report
Telegram is under sharper scrutiny in India after a Home Ministry cybercrime report flagged the platform's alleged use for child sexual abuse material and financial fraud across its largest market of 150 million-plus users.

India Steps Up Telegram Monitoring Over Cybercrime And Fraud Concerns
India's cybercrime agencies are proactively monitoring Telegram groups and channels linked to fraud and illegal content, as the government balances citizen safety against lawful digital communication.
More from this section
More
ISRO Fires Semi-Cryogenic Engine Power Head at 175 Tonnes in Landmark Hot Test
ISRO successfully ran its indigenous semi-cryogenic engine power head at 175 tonnes of thrust, clearing a key hurdle toward powering the LVM3 upgrade and the Next Generation Launch Vehicle.

India Tech Funding Climbs to $7.2 Billion in H1 2026 Even as Deal Count Slumps
Indian tech startups raised $7.2 billion in the first half of 2026, up 12 per cent year-on-year, but the number of funding rounds fell sharply as capital concentrated in a handful of mega-deals.

OnePlus N6 Headlines a Crowded End-June Gadget Calendar in India
The OnePlus N6, with its 8,000mAh battery and sub-Rs 25,000 price tag, leads a busy late-June run of smartphone launches in India spanning OnePlus, Oppo and Samsung.