Cybercriminals Use 'Boss Scam' to Defraud Companies via Malware
Quick Look
- Cybercriminals are using a 'Boss Scam' to defraud companies by impersonating regulators and sending malicious files that hijack WhatsApp sessions, tricking employees into fraudulent financial transfers.
- The Indian Cyber Crime Coordination Centre (I4C) advises verifying urgent financial requests through multiple channels.
AI-generated summary
Why It Matters
Cybercriminals are increasingly using impersonation tactics to defraud organizations. The 'Boss Scam' specifically leverages malware delivered via email or WhatsApp to compromise devices and hijack communication channels for financial fraud.
Cybercriminals are employing a new 'Boss Scam' to defraud companies. Impersonating regulators, they send malicious files via email or WhatsApp to executives, claiming urgent compliance needs. Once opened on Windows devices, the malware hijacks WhatsApp sessions, allowing fraudsters to trick employees into making fraudulent financial transfers. Companies are urged to verify urgent financial requests through multiple channels, not just text or email.
New Delhi: The Indian Cyber Crime Coordination Centre (I4C), under the union home ministry, on Monday said it has observed an emerging trend in cybercrime referred to as the 'Boss Scam' or CEO impersonation fraud.
Cybercriminals are targeting high-ranking officials and executives by delivering malicious archives via email or WhatsApp under the guise of urgent regulatory compliance. Once executed, the malware compromises the executive's Windows device and active Web WhatsApp sessions, enabling fraudsters to message subordinate employees and orchestrate fraudulent financial transfers, according to I4C.
Also Read: What is ‘WhatsApp Screen Mirroring Fraud’ that can drain your bank account and lead to identity theft?
While sharing the modus operandi, I4C noted that sophisticated cybercriminals contact CEO or high-ranking officials via email or WhatsApp, impersonating regulators such as the Reserve Bank of India. The communication falsely claims regulatory violation or mandates an urgent security improvement, demanding a response within a very short timeframe.
The message purportedly contains a compressed . zip archive. Inside this archive is a malicious executable (. exe) accompanied by a Dynamic Link Library (. dll) file. As seen in multiple cases, the CEO forwards the message to the finance officer. Upon receiving the message, the executive extracts and executes the file on a Windows desktop or laptop, a Trojan dropper is initiated. The malware establishes a persistent foothold, compromises the system, and hijacks the active Web WhatsApp session tokens, the I4C said in an advisory.
Live Events
Also Read: PSBs told to tighten scrutiny of government accounts amid fraud concerns
It said finance departments of the companies should verify the request of any urgent financial transactions or account changes based solely on a WhatsApp text or email.
Open Questions
- What specific malware is being used?
- How widespread is this scam currently?
- What are the recommended technical defenses?
