Explained: What’s the ‘Boss Scam’ SEBI has warned about and how is it committed

By Asha Menon

  • 17 Jul 2026

The Securities and Exchange Board of India (SEBI) has warned about what is being called a “boss scam”, after being alerted about this emerging trend by the Indian Cybercrime Coordination Centre.

The capital markets regulator’s warning, issued through a circular on Friday, comes after the cybercrime centre last month put up an advisory about scams where fraudsters impersonate CEOs and other top executives of companies.

What exactly is the boss scam?

The “boss scam” refers to a scam in which the fraudsters target top-ranking executives of companies and impersonate them to get subordinates to transfer large sums of money to mule accounts.

The cybercrime centre pointed out last month that cybercriminals were targeting high-ranking executives by delivering malicious archives via email or WhatsApp under the guise of urgent regulatory compliance. Once executed, the malware compromises the executive’s Windows device and active Web WhatsApp sessions, enabling the fraudsters to message subordinate employees and orchestrate fraudulent financial transfers.

How are such frauds committed?

There are two ways in which such a scam is committed. One, by impersonating managing directors or CEOs using deepfakes. Two, by taking over the WhatsApp and other social media accounts of high-ranking executives.

In the first, fraudsters impersonate the high-ranking executive using voice clones or AI to make video calls, and may even create false WhatsApp groups seemingly run by high-ranking executives. Then, they instruct the finance officer to make transfers to mule accounts and ask them not to share details about these transactions saying that this may qualify for unpublished price-sensitive information (UPSI).

In the second, the fraudsters pose as CEO and send to the CFO certain Zip files that contain malicious executable (.exe) files that come with dynamic link library (.dll). When the CFO extracts the Zip file and executes the .exe file on a Windows laptop or desktop, a Trojan dropper is initiated. This allows them to take over the CFO’s active Web WhatsApp session and access all of his contacts including finance department employees, who are then contacted as the CFO and instructed to make the fund transfers to the mule accounts.

This method could also be used to save the fraudster's number as CEO/MD of the company, and then they can call the employees as CEO/MD and ask them to make the transfers.

What can corporate executives do?

The regulator has asked people to remain cautious and cross-check requests received through WhatsApp, emails or social media platforms by calling their seniors.

It has also asked people not to transfer funds only on the basis of instructions received via social media accounts, not to install .exe files without verifying the identity of the sender, and to log out of any Web WhatsApp sessions that are not in use.

SEBI has also asked people to report such incidents to the union home ministry’s cybercrime cell.