I4C Warns CEOs, CFOs and Finance Teams as Cybercriminals Use Executive Impersonation to Steal Corporate Funds
The Indian Cyber Crime Coordination Centre (I4C) has issued a nationwide advisory warning companies about a rapidly growing cyber fraud known as the "Boss Scam," a sophisticated form of executive impersonation fraud that is increasingly targeting businesses, senior management teams and finance departments across the country.
The advisory highlights how cybercriminals are leveraging social engineering, malware and digital communication platforms to trick employees into transferring funds, revealing confidential information or compromising corporate systems. As organizations become more digitally connected, cybersecurity experts believe such scams could become one of the most significant financial threats facing businesses in the coming years.
What is the Boss Scam?
The Boss Scam, also referred to as CEO Fraud or Executive Impersonation Fraud, is a cybercrime tactic where fraudsters pretend to be a company's senior executive and instruct employees to perform urgent financial transactions.
The scam exploits organizational hierarchy and employee trust. Messages typically appear to come from a CEO, Managing Director, Chairman or Chief Financial Officer and often contain requests marked as confidential, urgent or time-sensitive.
Because the communication appears authentic, employees may unknowingly authorize large fund transfers or share sensitive company information without conducting proper verification.
Cybersecurity agencies globally classify such attacks under Business Email Compromise (BEC), one of the most financially damaging forms of cybercrime.
New Scam Variant Uses Fake Regulatory Notices
According to the I4C advisory, cybercriminals have evolved their tactics and are now targeting top executives directly before attacking the organization.
In the latest version of the scam, fraudsters impersonate regulatory authorities such as the Reserve Bank of India (RBI) and send emails or WhatsApp messages claiming that a company has violated compliance requirements or must immediately install a security update.
The communication is designed to create panic and urgency, increasing the likelihood that the recipient will open the attached file without suspicion.
The messages often appear highly professional and may include official logos, regulatory references and convincing language intended to mimic genuine government communication.
Malware Hidden Inside Fake Documents
The fraudulent messages contain ZIP files disguised as compliance documents or urgent notifications.
Inside the compressed archive are executable files (.exe) and Dynamic Link Library (.dll) files that install malware when opened on a Windows computer.
Once activated, the malware can gain extensive access to the victim's device, allowing cybercriminals to monitor communications, collect data and compromise corporate systems.
Investigators have observed multiple instances where executives unknowingly forwarded these files to finance teams, enabling the malware to spread within organizations.
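A mail or chat gateway can check ZIP attachments for the contents described above before they reach an executive's inbox. The following is an added example, not part of the I4C advisory: the function names, the decoy-extension list and the sample archive (including its file names) are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions the advisory names (.exe, .dll); extend per local policy.
BLOCKED_EXTENSIONS = {".exe", ".dll"}
# Document-like extensions used to spot "notice.pdf.exe" names (assumed list).
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def triage_zip(data: bytes) -> dict[str, list[str]]:
    """Return {member name: [reasons]} for members that should be quarantined."""
    findings: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = []
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            if suffixes and suffixes[-1] in BLOCKED_EXTENSIONS:
                reasons.append("blocked extension")
                if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTENSIONS:
                    reasons.append("double extension")
            if info.flag_bits & 0x1:
                # Password-protected members cannot be read here; flag them.
                reasons.append("encrypted member, content not inspected")
            else:
                with archive.open(info) as member:
                    # Windows executables and DLLs start with the bytes "MZ",
                    # whatever extension the file name carries.
                    if member.read(2) == b"MZ":
                        reasons.append("PE header (MZ)")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive; the payloads are inert placeholder bytes."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("RBI_Compliance_Notice.pdf.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("helper.dat", b"MZ" + b"\x00" * 62)  # renamed binary
        archive.writestr("readme.txt", b"Please review the attached notice.")
    return buffer.getvalue()


if __name__ == "__main__":
    for name, reasons in triage_zip(build_sample_zip()).items():
        print(f"QUARANTINE {name}: {', '.join(reasons)}")
```

Checking the file header as well as the name matters because a renamed binary passes an extension-only filter.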
WhatsApp Becomes a Key Attack Channel
One of the most concerning aspects of the latest Boss Scam is its ability to compromise WhatsApp Web sessions.
By taking control of a victim's device, attackers can access active WhatsApp accounts and observe internal communications. In some cases, fraudsters reportedly modify contact information and create fake executive identities within the victim's contact list.
An attacker-controlled phone number may then be saved under names such as "CEO" or "Chairman," allowing fraudsters to send seemingly legitimate instructions to finance departments.
The result is a highly convincing impersonation attack that can bypass traditional email security systems.
Why Finance Teams Are Prime Targets
Finance and accounts departments remain the primary targets because they have the authority to process payments and modify banking details.
Fraudsters often instruct employees to:
- Transfer funds to new bank accounts
- Process urgent vendor payments
- Approve confidential acquisitions
- Release employee salary payments
- Share banking credentials or financial documents
Because the requests appear to originate from senior management, employees may hesitate to question them.
Cybersecurity experts emphasize that authority-based manipulation remains one of the most effective forms of social engineering.
Financial Impact Can Be Severe
Globally, CEO fraud and Business Email Compromise schemes have resulted in billions of dollars in losses.
Apart from direct financial damage, organizations can suffer:
- Reputational harm
- Regulatory scrutiny
- Operational disruptions
- Loss of customer trust
- Legal liabilities
For small and medium-sized enterprises, a single successful attack can have devastating financial consequences.
I4C's Key Recommendations for Businesses
The government has urged organizations to strengthen both technical safeguards and internal control mechanisms.
Verify Every High-Value Transaction
Finance teams should independently verify all urgent payment requests through direct phone calls, video verification or face-to-face confirmation.
Never Trust WhatsApp Alone
No payment instruction should be executed solely on the basis of a WhatsApp message, regardless of the sender's identity.
Avoid Opening Unknown Attachments
Executives and employees should never download software or open attachments received from unknown sources.
The advisory specifically notes that regulatory bodies such as the RBI do not distribute software updates or security patches via WhatsApp attachments.
Monitor Linked Devices
Organizations should routinely review WhatsApp Web sessions and disconnect any unauthorized devices.
Strengthen Endpoint Security
Companies should deploy advanced antivirus software, endpoint detection systems and malware protection tools across all corporate devices.
Restrict Unauthorized Software
Application control policies can prevent malicious executable files from running on company systems.
Cybersecurity Emerging as a Boardroom Priority
The rise of executive impersonation fraud reflects the changing nature of cyber threats. Cybersecurity is no longer solely an IT department concern—it has become a core business risk that directly impacts financial stability and corporate governance.
As artificial intelligence, deepfake technology and sophisticated social engineering techniques continue to evolve, cybercriminals are expected to develop even more convincing impersonation tactics.
Organizations that combine employee awareness, robust verification processes and advanced cybersecurity infrastructure will be better positioned to defend against emerging threats.
Growing Digital Economy Requires Greater Vigilance
India's rapidly expanding digital economy has created enormous opportunities for businesses, but it has also increased exposure to cybercrime. With companies relying heavily on digital communication platforms, attackers are finding new ways to exploit trust and organizational structures.
The I4C advisory serves as a timely reminder that cyber fraud is becoming increasingly sophisticated. For businesses, the most effective defense remains a combination of technology, employee training and a culture of verification.
As cybercriminals continue to refine their tactics, one principle remains essential: no financial transaction should be processed without independent confirmation, regardless of who appears to be giving the instruction.