SEBI Warns Listed Firms, Regulated Entities Against Rising 'Boss Scam' Cyber Fraud

Sebi has warned listed companies and regulated entities about the rising "Boss Scam", in which fraudsters impersonate CEOs and senior executives to obtain unauthorised fund transfers. The regulator advised organisations to verify payment requests independently and report cyber fraud through the national helpline or Cyber Crime portal.

Add FPJ As a
Trusted Source
SEBI Warns Listed Firms, Regulated Entities Against Rising 'Boss Scam' Cyber Fraud
PTI Updated: Friday, July 17, 2026, 06:58 PM IST
SEBI Warns Listed Firms, Regulated Entities Against Rising 'Boss Scam' Cyber Fraud

Sebi has cautioned listed companies and regulated entities against a rise in CEO impersonation scams targeting finance teams | AI Generated Representational Image

New Delhi, July 17, 2026: Markets regulator Sebi on Friday cautioned regulated entities and listed companies against an emerging cyber fraud known as the "Boss Scam", in which fraudsters impersonate chief executives or other senior officials to trick finance teams into transferring funds.

The advisory follows an alert from the Indian Cyber Crime Coordination Centre (I4C), which has flagged a rise in CEO/MD impersonation fraud targeting organisations through email, WhatsApp, Microsoft Teams and other social media platforms.

Fraudsters Impersonate Executives

According to Sebi, fraudsters impersonate senior executives and send messages or make calls directing subordinates to urgently transfer money to specified bank accounts. In some cases, fraudsters use artificial intelligence tools such as voice cloning and deepfake video calls to make the impersonation appear genuine.

The regulator said another method involves sending a compressed ZIP file containing malicious software. Once the file is opened on a Windows device, the malware hijacks active WhatsApp Web sessions, allowing fraudsters to gain access to the victim's account and send payment instructions to finance or accounts personnel.

In some instances, cybercriminals may also alter the contact list on a compromised device, saving their own number under the name of the CEO or Managing Director to deceive employees into executing fund transfers, Sebi said.

"Fraudsters are targeting CEOs or high-ranking officials via email or WhatsApp by impersonating them. The communication through email/WhatsApp/Microsoft Teams/other social media platforms with their subordinates or counterparts directs them to carry out instructions given to them, resulting in the transfer of funds to fraudsters," Sebi said in a statement.

Sebi Issues Advisory

The regulator advised listed companies and regulated entities to independently verify requests received through WhatsApp, email or social media by directly calling the concerned senior official.

It also asked organisations not to transfer funds solely on the basis of instructions received through social media platforms and to avoid installing executable files without first verifying the sender's identity.

Further, Sebi urged entities to log out of inactive WhatsApp Web sessions and immediately report cyber fraud incidents by calling the national cybercrime helpline 1930 or through the Cyber Crime portal.

Also Watch:

The regulator said it issued the advisory after I4C observed an increasing trend of cybercriminals targeting high-ranking officials and finance executives through CEO or MD impersonation schemes to fraudulently obtain fund transfers.

(Disclaimer: Except for the headline, this article has not been edited by FPJ's editorial team and is auto-generated from an agency feed.)

Published on: Friday, July 17, 2026, 06:58 PM IST

RECENT STORIES