SEBI alerts companies regarding Boss Scam, fraud is being done by posing as CEO. Sebi Warns Companies About Boss Scam Where Fraudsters Impersonate Ceos

SEBI has warned companies on ‘Boss Scam’. In this fraud, fraudsters pose as CEO/MD and get funds transferred from finance officers. Fraudsters are using deepfake technology, fake video calls and malware to hijack WhatsApp web sessions.

The Securities and Exchange Board of India (SEBI) on Friday cautioned listed companies and regulated entities against a new cyber fraud called ‘Boss Scam’. In this scam, fraudsters impersonate Chief Executive Officers (CEOs), Managing Directors (MDs) and other senior officials and trick finance officers into transferring funds.

SEBI said this advisory has been issued after the Indian Cyber ​​Crime Coordination Center (I4C) informed the market regulator about the increasing trend of such frauds. SEBI informed that I4C has observed an emerging cyber crime trend in the form of ‘Boss Scam’ or CEO/MD impersonation fraud, wherein fraudsters are targeting high-ranking executives/finance officers and forcing them to transfer funds to the fraudsters.

According to SEBI, fraudsters are targeting CEOs and other senior officials through email, WhatsApp and other social media platforms. They then impersonate these senior officials and contact finance officers or other employees and instruct them to transfer funds to the accounts controlled by the fraudsters.

How does ‘Boss Scam’ happen?

The regulator said that cyber criminals are using two major methods to carry out this fraud.

Method 1: Use of deepfakes and AI

Under the first method, fraudsters use deepfake technology, which includes AI-generated voice cloning, fake video calls and creating fake social media groups, to impersonate a CEO or MD. Finance officers are then instructed to transfer the money to a specific bank account. In some cases, they are also asked not to disclose the transaction by claiming that it relates to Unpublished Price Sensitive Information (UPSI).

Second method: WhatsApp hijacking by malware

In another method, fraudsters send a compressed .zip file through message. This file contains a dangerous executable file along with a dynamic link library (DLL) file. If this file is opened on a Windows computer, a malware is installed that can hijack the user’s active WhatsApp web session.

SEBI said that once the fraudsters gain access to the WhatsApp account of the finance officer, they contact the accounts or finance staff and instruct them to make immediate payments into the specified mule bank accounts. In some cases, if the attackers gain complete control of the device, they surreptitiously change the contact list by saving the fraudster’s phone number in the name of the CEO or MD and then use that number to issue payment instructions.

SEBI’s advice to avoid fraud

The market regulator has advised listed companies and regulated entities to remain vigilant and verify all payment requests received through WhatsApp, email or social media platforms by calling senior officials directly.

It has also advised companies not to transfer funds based solely on instructions received through social media platforms. SEBI has also urged organizations not to install executable files obtained from unknown or unverified sources, even if they appear to be sent by a known person, unless the identity of the sender is first confirmed.

It has also advised users to log out of WhatsApp Web sessions that are not being actively used.

The regulator has asked companies to immediately report any such fraud or cyber crime incident by calling the national cyber crime helpline 1930 or through the national cyber crime reporting portal. (ANI)

(Except for the headline, this story has not been edited by Asianet News editorial staff and is published from a syndicated feed.)

Leave a Comment