According to TGCSB director Shikha Goel, cybercriminals are targeting senior executives, government officials, business owners and organisational leaders by sending malicious files disguised as urgent compliance communications through email and WhatsApp.
Hyderabad: The Telangana Cyber Security Bureau (TGCSB) has issued a public advisory warning citizens, government departments, public sector undertakings and private organisations about an emerging cyber fraud known as the “Boss Scam” or CEO impersonation fraud, which has seen a sharp rise nationwide.
According to TGCSB director Shikha Goel, cybercriminals are targeting senior executives, government officials, business owners and organisational leaders by sending malicious files disguised as urgent compliance communications through email and WhatsApp. More than 300 complaints have been reported across the country within 20 days, indicating a significant surge in such incidents.
Explaining the modus operandi, Goel said fraudsters send ZIP or RAR files posing as regulatory notices or urgent official documents. Once opened, malware installs on the victim’s device, giving criminals unauthorised access to active WhatsApp Web sessions and other sensitive information.
Cybercriminals exploit trust, urgency and authority to manipulate victims into making financial transfers, Goel said, urging employees and organisations to independently verify all financial instructions regardless of the apparent sender’s identity.
Fraudsters then impersonate senior officials and pressure employees or finance teams to transfer funds or share confidential data without following established approval procedures.
The TGCSB advised the public to be wary of unexpected ZIP or RAR attachments, messages marked “Urgent Compliance” or “Immediate Action Required,” and requests for confidential financial transactions. Organisations were urged to verify instructions through official channels, enable multi-factor authentication, review active WhatsApp Web sessions and conduct cyber awareness programmes for employees.
Citizens have been asked to report suspected cyber frauds immediately through the national cybercrime helpline 1930 or the Cyber Crime Reporting Portal.
