MHA warns of 'Boss Scam' by cyber criminals

CHENNAI: The Indian Cyber Crime Coordination Centre (I4C) under the Union Ministry of Home Affairs on Monday issued an advisory warning businesses and senior executives about a new cyber fraud involving regulatory impersonation, WhatsApp account takeover and high-value financial scams.

According to the advisory, cybercriminals are targeting chief executive officers (CEOs) and senior officials by posing as regulators such as the Reserve Bank of India (RBI) through email or WhatsApp messages.

The fraudsters falsely claim regulatory violations or urgent security compliance issues and pressure victims to respond immediately.

The advisory said the messages contain compressed files carrying malicious software. Once downloaded and executed on a Windows computer, the malware compromises the device and hijacks active WhatsApp Web sessions.

The attackers then gain access to the executive’s WhatsApp account and use it to send instructions to finance teams or subordinate employees, directing them to transfer funds to fraudulent bank accounts.

In some cases, the criminals reportedly alter the victim’s contact list and save an attacker-controlled number under the name of the CEO, enabling them to continue issuing fake payment instructions.

I4C urged companies to verify all requests involving urgent financial transactions or account changes through direct voice calls or in-person confirmation rather than relying solely on emails or WhatsApp messages.

The advisory also cautioned users against installing executable files received from unknown sources, noting that regulators such as the RBI do not distribute software updates or security fixes through WhatsApp attachments.

Organisations have been advised to implement strict software restriction policies, regularly review authorised devices linked to WhatsApp accounts, log out of unused WhatsApp Web sessions, and ensure that systems are protected with updated anti-malware solutions.

The cybercrime agency asked citizens and organisations to report suspicious incidents immediately through the national cybercrime helpline 1930 or the cybercrime reporting portal.