Corporate finance systems targeted. The Kerala Police have exposed a sophisticated 'boss scam' network that uses fake RBI warnings and malware to drain company funds.

WhatsApp Hijacking: Kerala Police Alert Corporates On Emerging ‘Boss Scam’ Targeting Finance Teams

The420.in Staff

The Kerala Police have issued a comprehensive advisory warning companies, public institutions, and corporate establishments about the rising threat of the “boss scam”. This form of digital fraud combines malware delivery with heavy social engineering: it targets administrative systems and tricks corporate employees into transferring substantial organizational funds to fraudulent accounts. State cyber cells emphasized that companies must strengthen their financial verification procedures to counter the increasingly convincing nature of these executive impersonation schemes.


The Initial Panic Phase and Malware Deployment

The execution of the fraud follows a calculated, multi-stage path designed to exploit bureaucratic vulnerabilities and create administrative panic. Fraudsters initiate the attack sequence by generating highly realistic, counterfeit communications that mimic official notifications from regulatory authorities like the Reserve Bank of India (RBI) or official external audit teams. These deceptive alerts are forwarded directly to senior company executives and core finance department staff, falsely alleging immediate statutory violations or demanding urgent compliance inspections.

To resolve the artificial crisis, the perpetrators provide custom compressed archive folders, such as ZIP files, which they claim contain necessary verification guidelines or audit logs. Once an unsuspecting employee opens the archive, a hidden malware script is instantly executed on the host system, granting the attackers deep remote access to the organization’s network architecture and local devices. The compromise allows the digital infiltrators to silently map out internal employee structures and study administrative communication habits without triggering standard endpoint security alerts.

Credential Hijacking and Fake Executive Mandates

With remote access established, the cybercriminals either create lookalike social media profiles or directly hijack the legitimate communication channels of senior corporate leaders. The attackers frequently exploit active WhatsApp Web sessions left logged in on the compromised office computers, taking full control of the executive’s messaging account. Because messages then come from an authentic account, the fraudsters bypass basic message filtering and the suspicion that an unknown number would normally attract.

Posing directly as the Chief Executive Officer (CEO), Managing Director, or another top-tier administrator, the intruders message subordinate finance personnel with urgent directives to clear immediate capital disbursements. Because the commands appear to originate directly from their superior’s verified personal chat line, employees often bypass standard operational validation checks and fast-track the requested transfers, inadvertently siphoning off company funds to offshore or proxy bank accounts.

Preventive Protocols and Double Blind Verifications

To mitigate the escalating risks associated with executive impersonation, the Kerala Police advised corporate employees to establish strict secondary verification mechanisms and completely stop relying solely on WhatsApp or email messages when processing high-volume financial transactions. Finance personnel are strongly urged to directly contact senior officials through independent voice or face-to-face channels to cross-verify any atypical asset transfer request before initiating a bank clearance.

The advisory also explicitly cautioned against opening unsolicited ZIP, EXE, or DLL files received from unknown or unverified channels, and urged IT departments to regularly review the linked-devices section of all official communication apps and remove unauthorized active sessions. Organizations were further advised to introduce multi-level approval layers for all financial transactions to reduce exposure to insider fraud. An enterprise that falls victim to an active cyber extortion or impersonation ring is directed to report it immediately to the national cybercrime helpline at 1930, or to file a complaint on the central official portal, to initiate fast-tracked containment of the transferred funds.
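The controls the advisory recommends (never releasing funds on a chat or email instruction alone, confirming atypical requests through an independent channel, and requiring more than one approver) can be written down as a payment-release check. The following is an added illustration, not code from the Kerala Police or The420.in; the request fields, the amount threshold, the approval counts and the sample requests are assumptions.

```python
# Added example: a payment-release gate encoding the advisory's controls.
# Threshold, field names and scenarios are assumed for illustration.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

CHAT_CHANNELS = {"whatsapp", "email", "sms"}    # an instruction here is never enough alone
OOB_CHANNELS = {"phone_callback", "in_person"}  # independent channels that count as verification
LARGE_AMOUNT = 100_000                          # assumed threshold for "atypical" size


@dataclass
class TransferRequest:
    requester: str                      # who the instruction claims to come from
    channel: str                        # channel the instruction arrived on
    amount: int
    beneficiary: str
    beneficiary_known: bool             # previously paid account, or a new one
    oob_verified_via: Optional[str] = None      # independent channel used to confirm
    approvals: List[str] = field(default_factory=list)  # approver names


def is_atypical(req: TransferRequest) -> bool:
    """Large amounts and first-time beneficiaries are treated as atypical."""
    return req.amount >= LARGE_AMOUNT or not req.beneficiary_known


def review_transfer(req: TransferRequest) -> Tuple[bool, List[str]]:
    """Return (release_allowed, reasons); every failed control is listed."""
    reasons = []
    if req.channel in CHAT_CHANNELS and is_atypical(req) and req.oob_verified_via not in OOB_CHANNELS:
        reasons.append(f"atypical request via {req.channel} not confirmed out of band")
    needed = 2 if is_atypical(req) else 1
    independent = set(req.approvals) - {req.requester}   # the requester cannot self-approve
    if len(independent) < needed:
        reasons.append(f"{needed} independent approval(s) required, have {len(independent)}")
    return (not reasons, reasons)


# Constructed scenarios: the scam pattern from the advisory, then the same
# request after callback verification and a second approver.
SCAM = TransferRequest("CEO", "whatsapp", 250_000, "New Vendor Pvt", False,
                       approvals=["finance_clerk"])
VERIFIED = TransferRequest("CEO", "whatsapp", 250_000, "New Vendor Pvt", False,
                           oob_verified_via="phone_callback",
                           approvals=["finance_clerk", "finance_head"])

if __name__ == "__main__":
    for name, req in (("scam", SCAM), ("verified", VERIFIED)):
        ok, why = review_transfer(req)
        print(name, "RELEASE" if ok else "HOLD", why)
```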
