SEBI warns listed firms, regulated entities against ‘Boss Scam’ involving CEO, MD impersonation
AI Summary
The Securities and Exchange Board of India (SEBI) has issued a warning to listed companies about a rising cyber fraud known as the 'Boss Scam', where fraudsters impersonate senior executives to trick finance officials into transferring funds. SEBI advises companies to verify payment requests through direct communication and to avoid opening suspicious files from unknown sources to mitigate risks associated with this scam.
Mumbai (Maharashtra) [India], July 17 (ANI): The Securities and Exchange Board of India (SEBI) on Friday cautioned listed companies and regulated entities against an emerging cyber fraud known as the "Boss Scam", in which fraudsters impersonate as Chief Executive Officers (CEOs), Managing Directors (MDs) and other senior officials to trick finance executives into transferring funds.
SEBI said the advisory has been issued after the Indian Cyber Crime Coordination Centre (I4C) informed the market regulator about the growing trend of such frauds.
SEBI said it is issuing this Press Release as "I4C has observed an emerging trend in cybercrime referred to as the "Boss Scam" or CEO/MD impersonation fraud whereby fraudsters are targeting high-ranking officials/finance executives which compels them to transfer of funds to fraudsters".
According to SEBI, fraudsters are targeting CEOs and other senior officials through email, WhatsApp and other social media platforms. They then communicate with finance officials or other employees by impersonating these senior executives and direct them to transfer funds to accounts controlled by fraudsters.
The regulator said cyber criminals are using two major methods to carry out the fraud.
Under the first method, fraudsters use deepfake technology, including AI-generated voice cloning, fake video calls and false social media groups to impersonate CEOs or MDs.
Finance officials are then instructed to transfer money to a specified bank account. In some cases, they are also told not to disclose the transaction by claiming that it relates to Unpublished Price Sensitive Information (UPSI).
Under the second method, fraudsters send a compressed .zip file through messages. The file contains a malicious executable file along with a Dynamic Link Library (DLL) file. If the file is opened on a Windows computer, malware is installed that can hijack the user's active WhatsApp Web session.
SEBI said once the fraudsters gain access to the finance officer's WhatsApp account, they contact accounts or finance employees and instruct them to make urgent payments to specified mule bank accounts.
In some cases, if the attackers gain complete control of the device, they secretly change the contact list by saving the fraudster's phone number under the name of the CEO or MD and then use that number to issue payment instructions.
The market regulator advised listed companies and regulated entities to remain cautious and verify all payment requests received through WhatsApp, email or social media platforms by directly calling senior officials. It also advised companies not to transfer funds solely on the basis of instructions received through social media platforms.
SEBI further urged organisations not to install executable files received from unknown or unverified sources, even if they appear to have been sent by a known person, without first confirming the sender's identity. It also advised users to log out of WhatsApp Web sessions that are not actively being used.
The regulator asked companies to immediately report any such fraud or cybercrime incident by calling the national cybercrime helpline 1930 or reporting it through the National Cyber Crime Reporting Portal.
Disclaimer: This story has been published from a wire agency feed without modifications to the text.
Catch all the Business News , Corporate news , Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
Original Article
Published on Livemint