Mumbai (Maharashtra) [India], July 17 (ANI): The Securities and Exchange Board of India (SEBI) on Friday cautioned listed companies and regulated entities against an emerging cyber fraud known as the “Boss Scam”, in which fraudsters impersonate as Chief Executive Officers (CEOs), Managing Directors (MDs) and other senior officials to trick finance executives into transferring funds.
SEBI said the advisory has been issued after the Indian Cyber Crime Coordination Centre (I4C) informed the market regulator about the growing trend of such frauds.
SEBI said it is issuing this Press Release as “I4C has observed an emerging trend in cybercrime referred to as the “Boss Scam” or CEO/MD impersonation fraud whereby fraudsters are targeting high-ranking officials/finance executives which compels them to transfer of funds to fraudsters”.
According to SEBI, fraudsters are targeting CEOs and other senior officials through email, WhatsApp and other social media platforms. They then communicate with finance officials or other employees by impersonating these senior executives and direct them to transfer funds to accounts controlled by fraudsters.
The regulator said cyber criminals are using two major methods to carry out the fraud.
Under the first method, fraudsters use deepfake technology, including AI-generated voice cloning, fake video calls and false social media groups to impersonate CEOs or MDs.
Finance officials are then instructed to transfer money to a specified bank account. In some cases, they are also told not to disclose the transaction by claiming that it relates to Unpublished Price Sensitive Information (UPSI).
Under the second method, fraudsters send a compressed .zip file through messages. The file contains a malicious executable file along with a Dynamic Link Library (DLL) file. If the file is opened on a Windows computer, malware is installed that can hijack the user’s active WhatsApp Web session.
SEBI said once the fraudsters gain access to the finance officer’s WhatsApp account, they contact accounts or finance employees and instruct them to make urgent payments to specified mule bank accounts.
In some cases, if the attackers gain complete control of the device, they secretly change the contact list by saving the fraudster’s phone number under the name of the CEO or MD and then use that number to issue payment instructions.
The market regulator advised listed companies and regulated entities to remain cautious and verify all payment requests received through WhatsApp, email or social media platforms by directly calling senior officials. It also advised companies not to transfer funds solely on the basis of instructions received through social media platforms.
SEBI further urged organisations not to install executable files received from unknown or unverified sources, even if they appear to have been sent by a known person, without first confirming the sender’s identity. It also advised users to log out of WhatsApp Web sessions that are not actively being used.
The regulator asked companies to immediately report any such fraud or cybercrime incident by calling the national cybercrime helpline 1930 or reporting it through the National Cyber Crime Reporting Portal. (ANI)
(The article has been published through a syndicated feed. Except for the headline, the content has been published verbatim. Liability lies with original publisher.)
Reliance Retail Q1 revenue rises 7.4% to Rs 90,408 crore
Mumbai (Maharashtra) [India], July 17 (ANI): Reliance Retail Ventures Limited (RRVL) reported a 7.4 per…
Jalandhar (Punjab) [India], July 17 (ANI): Highlighting Jalandhar's key role in the country's sports manufacturing…
Fenerbahce present new signings Greenwood, Ake and Muriqi
VIDEO SHOWS: FENERBAHCE PRESENTING NEW SIGNINGS NATHAN AKE, MASON GREENWOOD AND VEDAT MURIQI RESENDING WITH…