Fake "boss" message on WhatsApp tricks the accounts team into wiring company funds
Fraudsters hijack the CEO's WhatsApp via malware or fake a profile with the boss's photo, then message finance staff to transfer funds urgently. A Mumbai firm lost ₹10.4 crore; I4C issued a formal advisory on June 22, 2026.
Also known as: boss scam, WhatsApp CEO impersonation fraud, executive WhatsApp session hijack, corporate BEC WhatsApp India
Already happened to you? Do this in the next few minutes
Call 1930 now- 1 Call 1930 — the national cyber-crime helpline — right now. The sooner you report, the better the chance of freezing the money before it moves.
- 2 Call your bank to freeze the account and block the card immediately. Use the number printed on your card, never a number from the message or caller.
- 3 File a report at cybercrime.gov.in and keep every message, screenshot, and transaction ID.
- ! If you installed any "support", "server", "refund", or remote-access app at their request (AnyDesk, TeamViewer, Quick Support, etc.): disconnect the internet now, then run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
What to do right now
- 1 Never authorize a NEFT, RTGS, or IMPS transfer based solely on a WhatsApp message — call the supposed sender on their known direct number or visit them in person to confirm
- 2 If the 'boss' says they cannot take calls, verify through a second channel: email to their known address, message to their PA, or a colleague who can physically reach them
- 3 Do not open .zip or .exe files received via WhatsApp or email from contacts claiming to be regulators — the RBI, SEBI, and CBI never send security fixes or compliance tools as attachments
- 4 If the CEO's WhatsApp account is suspected compromised, immediately go to WhatsApp Settings → Linked Devices and log out all sessions; then change the account's two-step verification PIN
- 5 If you installed any 'support' or 'server' or 'refund app' or remote-access app at the scammer's request (AnyDesk, TeamViewer, Quick Support, etc.), run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
- 6 If transfers were already made, call your bank's fraud line immediately to initiate a NEFT/RTGS recall — every hour matters before funds are layered through mule accounts
- 7 Report at https://cybercrime.gov.in or call 1930 (national cyber helpline).
Was remote-access software installed?
If a scammer asked you to install AnyDesk, TeamViewer, Quick Support, or any remote-access app, your device may still be compromised.
Run SeraphSecure to detect and remove it →Red flags
- ⚠ Any WhatsApp message from the 'boss' asking for an urgent wire transfer without a simultaneous voice call to confirm — real executives use company channels for payments
- ⚠ The sender's number is different from the boss's known contact, but uses the boss's profile photo — scammers download public photos to fake identity
- ⚠ Message says 'I'm in a meeting, can't take calls — please transfer immediately and don't discuss with anyone' — isolation and urgency are the two levers
- ⚠ An email or WhatsApp message from a 'regulatory authority' (RBI, SEBI, CBI) contains a .zip or .exe attachment — real regulators never send executable compliance tools
- ⚠ The transfer destination is a new or unfamiliar account, vendor, or 'emergency fund' — verify any new payee through official channels
Known variants
-
Employee-phone compromise: malware sent as a ZIP to finance staff (not the CEO) installs contact-manipulation code that replaces the MD's saved number with an attacker-controlled one. WhatsApp messages then appear to come from 'the MD'. Two Mumbai firms lost ₹3.48 crore this way in June 2026.
Last seen: 7/8/2026
-
Profile-photo impersonation (Kolhapur, July 6, 2026): attacker created a WhatsApp account using the CEO's photo and messaged the accounts officer directly. The accounts officer transferred ₹80.50 lakh via RTGS believing it was the CEO's instruction. Complaint filed with Kolhapur cyber cell.
Last seen: 7/6/2026
Sources
- I4C / ANI — Rising 'Boss Scam' threat targets senior executives: Warns I4C (June 22, 2026)
- The Tribune — Boss Scam alert: Fraudsters posing as regulators target CEOs to siphon company funds (June 2026)
- Business Standard — Corporate honchos on radar of cyber criminals; I4C warns of Boss Scam (June 22, 2026)
- Deccan Herald — Boss Scam: Cyber criminals targeting company executives via WhatsApp fraud alerts (June 2026)
- Storyboard18 — WhatsApp Scam Costs Indian Firm ₹10.4 Crore After Employee Acts on Fake Boss's Orders
- AajTak — WhatsApp CEO Scam Led to ₹10 Crore Fraud; Delhi Police Bust Cyber Syndicate (June 17, 2026)
- AajTak — Former PM's son Naresh Gujral victim of WhatsApp scam; ₹7.8 crore cyber fraud (June 18, 2026)
- India TV News — Government warns of new 'Boss Scam': Cybercriminals target CEOs and senior officials via WhatsApp (June 24, 2026)
- Free Press Journal — Boss Scam on WhatsApp: New CEO Fraud Bypasses Traditional Cybersecurity Checks (June 2026)
- TOI / India Business — Two Mumbai firms lose ₹3.48 crore after malicious ZIP on employee phones enables WhatsApp impersonation (June 2026)
- The420.in — Kolhapur company loses ₹80.50 lakh to CEO impersonation via WhatsApp (July 2026)
- The420.in — WhatsApp impersonation of company chairman costs Rajasthan firm ₹5.30 crore (July 2026)
- Lokmat Times — Kolhapur firm CEO impersonated on WhatsApp; ₹80.50 lakh transferred in RTGS fraud (July 6, 2026)