Kerala Police have warned companies and institutions about the growing threat of the “boss scam”, a cyber fraud in which criminals impersonate senior executives and pressure employees into transferring company funds. The warning was issued on Sunday, June 28, 2026, with police advising organisations to strengthen verification before processing financial transactions.
Fake Urgent Messages Used to Create Panic
In a statement, police said fraudsters first create panic by sending fake urgent messages that appear to be from the Reserve Bank of India or official audit teams. These messages are sent to senior executives and finance department staff to make the communication appear credible.
FCRF’s Flagship Cyber Law Certification Returns With a New Four-Week Cohort
The scammers then send ZIP files containing malware. Once opened, the files allow them to gain access to an organisation’s computer systems.
After gaining access, the fraudsters either create fake profiles of senior officials or hijack their accounts. They then use WhatsApp Web to send messages posing as CEOs or other top executives.
Employees Told to Verify Payment Requests
Police said the fraudsters direct employees to urgently transfer money, leading to siphoning of company funds. The scam relies on authority, urgency and internal trust within organisations.
The police advised employees not to rely solely on WhatsApp or email messages while processing financial transactions. They should directly contact senior officials and verify any request before transferring large sums of money.
Companies have also been advised to introduce multi-level approval mechanisms for financial transactions to reduce the risk of fraud.
Warning Against Malware Files
The statement cautioned organisations against opening ZIP, EXE or DLL files received from unknown sources. Police also advised regular checks of the “linked devices” section of WhatsApp to ensure that no unauthorised devices are connected.
Authorities said anyone who falls victim to cyber financial fraud should immediately report the incident through the cyber helpline number 1930 or lodge a complaint through the official cybercrime reporting system.
The advisory underlines the need for companies to strengthen internal payment controls and employee awareness as fraudsters increasingly use impersonation, malware and messaging platforms to target business funds.
