Thiruvananthapuram, 29 June (H.S.): Kerala Police have issued a warning against a sophisticated new cyber fraud known as the “Boss Scam” or “CEO Impersonation Fraud”, which is increasingly targeting senior executives and finance department employees in companies and business establishments.
According to the police, cybercriminals begin the scam by sending fake urgent messages in the name of the Reserve Bank of India (RBI) or official audit teams, creating panic among company officials. These messages often contain ZIP files embedded with malware. Once opened, the malicious files enable fraudsters to gain control of the organisation’s computers and internal systems.
The attackers then either create fake profiles of senior executives or compromise their existing accounts. Using access to employees’ computers, they exploit active WhatsApp Web sessions to send fraudulent messages posing as CEOs or other top officials.
The fake messages typically instruct finance personnel to make immediate fund transfers, claiming the payments are urgent or confidential. Employees who act without verifying the request risk transferring substantial sums of company money directly to the fraudsters.
Kerala Police have advised organisations not to rely solely on WhatsApp or email messages when authorising financial transactions. Before transferring large amounts, employees should directly contact the concerned senior executive through a verified phone call or another trusted communication channel to confirm the request.
The police have also urged employees never to open ZIP, EXE or DLL files received from unknown or suspicious sources, as these may contain malware designed to steal sensitive information or compromise computer systems.
To strengthen cyber security, organisations have been advised to regularly review the “Linked Devices” section in WhatsApp to ensure that no unauthorised devices have access to their accounts. Companies should also introduce multi-level approval systems for financial transactions to minimise the risk of fraud.
Victims of cyber financial fraud have been urged to report incidents immediately by calling the national cybercrime helpline 1930 or by filing a complaint through the National Cyber Crime Reporting Portal at www.cybercrime.gov.in.
---------------
Hindusthan Samachar / Arun Lakshman
