Telangana Cyber Bureau warns of 'Boss Scam' CEO fraud via WhatsApp
Synopsis
Over 300 Indians have fallen victim to the 'Boss Scam' in under 20 days — a WhatsApp and email-based fraud where malware-laced ZIP files let criminals hijack sessions, impersonate CEOs, and pressure finance teams into unauthorised transfers. Telangana's cyber bureau is sounding the alarm as the attack exploits trust, not technology.
Key Takeaways
The Telangana Cyber Security Bureau (TGCSB) issued an alert on 24 June about the 'Boss Scam' or CEO Impersonation Fraud.
More than 300 complaints have been reported across India within 20 days , indicating rapid spread.
Fraudsters send malicious ZIP/RAR files via email or WhatsApp disguised as compliance documents; opening them installs malware.
The malware hijacks Web WhatsApp sessions , enabling criminals to impersonate senior officials and demand urgent financial transfers.
Key red flags include unsolicited attachments, 'urgent compliance' messages, and pressure to bypass standard approval processes.
TGCSB Director Shikha Goel recommends enabling Multi-Factor Authentication (MFA) , verifying instructions by direct call, and reporting incidents immediately.
The Telangana Cyber Security Bureau (TGCSB) has issued a public alert on 24 June warning citizens, government departments, public sector organisations, private companies, and business establishments about a rapidly spreading cyber fraud known as the 'Boss Scam' or CEO Impersonation Fraud. The advisory follows a directive from the Indian Cyber Crime Coordination Centre (I4C), which has flagged a surge in such attacks targeting senior executives and finance teams across India.
How the Boss Scam Works
According to Shikha Goel, Director of the TGCSB, fraudsters send emails or WhatsApp messages containing malicious ZIP/RAR files disguised as compliance documents, regulatory notices, or urgent communications. Once a recipient opens the attachment, malware is silently installed on their device, enabling unauthorised access to active Web WhatsApp sessions and other sensitive data.
Cybercriminals then use this access to impersonate senior officials — typically a CEO or director — and issue fraudulent instructions to employees or finance teams. Victims are pressured into making immediate financial transfers or disclosing confidential information, often without time to verify the request through standard channels.
Scale of the Threat
More than 300 complaints have been reported across the country within a span of nearly 20 days, according to Goel, signalling a significant and rapid escalation in such incidents. The speed of proliferation has prompted the TGCSB to issue the advisory broadly, covering both private and public sector organisations.
This comes amid a broader national trend of social-engineering-based cyber fraud, where attackers exploit trust hierarchies within organisations rather than targeting technical vulnerabilities. Notably, CEO impersonation attacks have been rising globally, and India's large base of WhatsApp-dependent workplaces makes it a particularly exposed market.
Red Flags to Watch
The TGCSB has outlined key warning signs that employees and executives should be alert to. These include unexpected ZIP/RAR attachments, messages marked 'urgent compliance' or 'immediate action required', requests for confidential financial transactions, instructions delivered solely through email or WhatsApp, demands to bypass established approval procedures, and pressure to act without independent verification.
Safety Measures and What to Do
Goel recommended several protective steps: always verify financial instructions through a direct phone call or an official communication channel; avoid opening attachments from unknown or unverified sources; regularly review and log out of unused Web WhatsApp sessions; and enable Multi-Factor Authentication (MFA) wherever possible.
Organisations are advised to follow established approval processes for all financial transactions and to conduct regular cyber awareness training for employees. 'If you suspect a Boss Scam, do not respond to the message. Do not open the attachment. Verify the request independently through a trusted channel. Inform your IT/Security team immediately and preserve relevant evidence and report the incident without delay,' Goel said.
Suspected incidents can be reported to the national cybercrime helpline or through official TGCSB channels. With over 300 cases in under three weeks, authorities stress that early reporting is critical to limiting financial damage.
Point of View
And the pace suggests organised criminal infrastructure rather than opportunistic attacks. What makes the Boss Scam particularly dangerous is that it exploits organisational culture: the instinct to obey a superior quickly, without question. India's heavy reliance on WhatsApp for workplace communication — including at the executive level — creates a structural vulnerability that no single advisory can fully patch. The TGCSB alert is necessary, but the deeper fix requires organisations to normalise out-of-band verification for any financial instruction, regardless of how senior the apparent sender is. Until that becomes reflex, the attack surface remains wide open.
NationPress
24 Jun 2026
Frequently Asked Questions
What is the 'Boss Scam' or CEO Impersonation Fraud?
The Boss Scam is a cyber fraud where criminals send malicious ZIP or RAR files via email or WhatsApp, posing as compliance documents. Once opened, the malware hijacks the victim's Web WhatsApp session, allowing fraudsters to impersonate senior officials and pressure employees into making unauthorised financial transfers.
How many cases of Boss Scam have been reported in India?
More than 300 complaints have been reported across India within approximately 20 days, according to the TGCSB. The rapid rise prompted the Indian Cyber Crime Coordination Centre (I4C) to issue a national advisory.
Who is most at risk from the Boss Scam?
Senior executives, government officials, business owners, and finance team members are the primary targets. Organisations that rely heavily on WhatsApp and email for internal communications are especially vulnerable.
What are the red flags of a Boss Scam attempt?
Key warning signs include unexpected ZIP or RAR attachments, messages demanding 'urgent compliance' or 'immediate action', requests to transfer funds or share confidential data, instructions to bypass standard approval procedures, and pressure to act without independent verification.
What should you do if you suspect a Boss Scam?
Do not respond to the message or open any attachment. Verify the request independently through a trusted, official channel such as a direct phone call. Immediately inform your IT or security team, preserve all relevant evidence, and report the incident to cybercrime authorities without delay.
