TGCSB Issues Urgent Warning Against Rising CEO Impersonation 'Boss Scam'
The Telangana Cyber Security Bureau (TGCSB) has warned of a nationwide surge in “Boss Scam” fraud, where criminals impersonate executives to steal funds. With over 300 recent complaints, authorities urge organizations to verify urgent financial requests and secure digital devices against malware-laden attachments.
Highlights
- •The TGCSB reports a surge in “Boss Scam” cases, with over 300 complaints nationwide in 20 days.
- •Fraudsters impersonate CEOs to trick employees into transferring funds or leaking confidential business data.
- •Attackers use malicious ZIP/RAR files to gain unauthorized access to devices and WhatsApp Web sessions.
- •Authorities advise independent verification of all urgent financial instructions and enabling multi-factor authentication.
The Telangana Cyber Security Bureau (TGCSB) has issued a formal public advisory regarding the alarming rise of a sophisticated cyber threat known as the “Boss Scam.” This form of CEO impersonation fraud has been increasingly reported across the country, prompting urgent calls for heightened vigilance among government departments, public sector undertakings, and private organizations.
According to Shikha Goel, the director of the TGCSB, this deceptive practice involves cybercriminals targeting leadership figures, senior executives, and business owners. Over 300 complaints related to this specific scam have been registered nationwide within just 20 days, highlighting the rapid escalation of this fraudulent activity in the digital landscape.
Understanding the Mechanics of the Boss Scam
The modus operandi of these threat actors relies on exploiting trust and creating a false sense of urgency. Cybercriminals typically send malicious files, often disguised as “urgent compliance” communications or critical official documents, via email and WhatsApp. These files, usually formatted as ZIP or RAR archives, appear legitimate to the unsuspecting recipient. Once a victim opens these files, malware is surreptitiously installed on their device. This grants the attackers unauthorized access to sensitive information, including active WhatsApp Web sessions, which are then used to further the fraud.
Once inside a company’s network or an executive's account, these fraudsters impersonate senior leadership. They apply psychological pressure on employees or financial departments to initiate immediate fund transfers or disclose confidential data, deliberately bypassing established organizational approval procedures. Because the requests appear to originate from a high-level authority, victims are frequently manipulated into compliance before realizing they are being deceived.
Essential Safety Measures and Reporting
To combat the growing threat of the Boss Scam, authorities have outlined several critical protective measures. Organizations and individuals must exercise extreme caution regarding unexpected ZIP or RAR attachments and any messages demanding “Immediate Action.” It is vital to independently verify any financial instructions through official communication channels before acting. Furthermore, implementing multi-factor authentication, regularly reviewing active device sessions, and conducting ongoing cyber awareness training for staff members are highly recommended strategies to fortify defenses against such impersonation tactics.
The TGCSB emphasizes that the fight against this cyber fraud requires proactive engagement. If an individual or organization suspects they have been targeted by such fraudulent attempts, they are advised to report the incident immediately via the national cybercrime helpline at 1930 or by utilizing the official Cyber Crime Reporting Portal. Rapid reporting is essential for authorities to trace these sophisticated criminal networks and prevent further financial losses.
