What Is ‘Boss Scam’? SEBI Warns Companies About CEO Impersonation Fraud, Explains Modus Operandi
SEBI has warned listed companies about the emerging 'Boss Scam,' in which cybercriminals impersonate CEOs and senior executives using emails, WhatsApp, AI-generated voice cloning and deepfakes to trick employees into transferring money. The regulator has advised organisations to verify payment requests independently and report cyber fraud through the national helpline 1930.
The Securities and Exchange Board of India (SEBI) has warned listed companies and regulated entities about an emerging cyber fraud known as the "Boss Scam," in which criminals impersonate chief executives and other senior officials to trick employees into transferring funds. The advisory comes amid a rise in cybercrime cases and follows an alert from the Indian Cyber Crime Coordination Centre (I4C).
According to SEBI, fraudsters are increasingly targeting finance executives by posing as Chief Executive Officers (CEOs), Managing Directors (MDs) and other senior leaders through digital communication platforms. The regulator has urged organisations to strengthen verification procedures before processing financial transactions.
What Is the Boss Scam?
SEBI said the "Boss Scam," also referred to as CEO/MD impersonation fraud, involves cybercriminals pretending to be senior company officials to convince finance teams or employees to transfer money to accounts controlled by fraudsters.
Explaining the advisory, SEBI said: "I4C has observed an emerging trend in cybercrime referred to as the “Boss Scam" or CEO/MD impersonation fraud whereby fraudsters are targeting high-ranking officials/finance executives which compels them to transfer of funds to fraudsters."
The regulator issued the warning after receiving inputs from I4C regarding an increase in such incidents.
How Do Fraudsters Carry Out the Scam?
According to SEBI, cybercriminals contact employees through email, WhatsApp and social media platforms, impersonating senior executives and issuing urgent payment instructions.
The regulator said fraudsters are increasingly using deepfake technology, including:
- AI-generated voice cloning
- Fake video calls
- Fabricated social media groups
In some cases, employees are instructed to keep transactions confidential by falsely claiming they relate to Unpublished Price Sensitive Information (UPSI).
Malware Used to Hijack WhatsApp Accounts
SEBI also highlighted another technique used by cybercriminals. Fraudsters may send a compressed .zip file containing malware through messaging platforms. If the file is opened on a Windows computer, the malware can hijack the user's active WhatsApp Web session.
The compromised account is then used to contact finance officials or colleagues, requesting urgent fund transfers to bank accounts controlled by the attackers.
The regulator warned that fraudsters who gain full access to a device may even save their own phone numbers under the names of CEOs or managing directors to make fake payment requests appear genuine.
SEBI Advises Companies to Verify Every Payment Request
To reduce the risk of falling victim to such fraud, SEBI advised organisations not to rely solely on instructions received through WhatsApp, email or social media.
The regulator recommended that companies:
- Verify payment requests directly with senior officials through independent communication channels.
- Avoid installing files received from unknown or unverified sources.
- Log out of inactive WhatsApp Web sessions regularly.
- Strengthen internal approval processes for financial transactions.
SEBI also urged organisations to report any suspected cyber fraud immediately through the National Cyber Crime Helpline (1930) or the National Cyber Crime Reporting Portal.
The advisory reflects increasing concerns over cyber threats targeting businesses as fraudsters adopt artificial intelligence and other advanced technologies to make impersonation attempts more convincing.
SEBI's latest warning encourages companies to review their cybersecurity practices and employee awareness programmes to help prevent financial fraud and protect sensitive corporate information.
(The above story first appeared on LatestLY on Jul 17, 2026 08:35 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website latestly.com).