SEBI Sounds AI Fraud Alert : Beware of the New ‘Boss Scam’ Targeting Companies

By Rakesh

Synopsis : The Securities and Exchange Board of India (SEBI) has issued a strong warning to listed companies and regulated entities about a rising AI-powered "Boss Scam" in which cybercriminals impersonate senior executives to trick employees into transferring funds.


SEBI Sounds AI Fraud Alert: Beware of the New ‘Boss Scam’ Targeting Companies


With fraudsters using AI-generated emails, WhatsApp messages, video calls, and collaboration platforms to appear genuine, SEBI has urged organizations to adopt stricter verification protocols and strengthen cybersecurity practices.


SEBI Warns Against AI-Powered Executive Impersonation

India's capital markets regulator, the Securities and Exchange Board of India (SEBI), has alerted listed companies and regulated entities about an emerging cyber threat known as the "Boss Scam."


The warning comes amid a growing number of sophisticated cyber fraud attempts where criminals leverage artificial intelligence to impersonate top executives, including Chief Executive Officers (CEOs) and Managing Directors (MDs), to deceive finance teams into authorizing fraudulent fund transfers.


SEBI emphasized that businesses must remain vigilant as AI technologies are making fraudulent communications increasingly difficult to distinguish from legitimate ones.


How the 'Boss Scam' Works

According to SEBI, fraudsters exploit artificial intelligence and digital communication tools to convincingly impersonate senior management.


These scams typically involve fake instructions sent through:

  • WhatsApp
  • Email
  • Microsoft Teams
  • Video calls
  • Other social media and messaging platforms

The fraudulent messages often create a sense of urgency, instructing finance officials or employees to transfer money to bank accounts controlled by cybercriminals.


Because AI can replicate voices, generate realistic videos, and mimic writing styles, victims may mistakenly believe they are communicating directly with company leadership.


Malware and WhatsApp Hijacking Add to the Risk

SEBI also warned that cybercriminals are using malicious compressed files and executable programs as part of these attacks.


These files can:

  • Infect computers and mobile devices
  • Hijack active WhatsApp Web sessions
  • Modify contact lists
  • Enable unauthorized access to sensitive information
  • Facilitate fraudulent payment requests

The regulator noted that such attacks can compromise internal communications and significantly increase the chances of financial fraud.


SEBI's Key Safety Recommendations

To reduce the risk of falling victim to AI-powered impersonation scams, SEBI has advised companies to implement robust verification procedures.


Recommended Precautions

  • Verify payment instructions by directly calling the concerned senior executive through a trusted phone number.
  • Never authorize fund transfers solely based on WhatsApp messages, emails, video calls, or other digital communications.
  • Avoid downloading or installing unverified executable files or suspicious compressed attachments.
  • Regularly log out of unused WhatsApp Web sessions to prevent unauthorized access.
  • Strengthen internal approval mechanisms for high-value financial transactions.
  • Immediately report suspected cyber fraud to the National Cybercrime Helpline and relevant authorities.


Why AI-Based Scams Are Becoming More Dangerous

Artificial intelligence has significantly enhanced the capabilities of cybercriminals. Modern AI tools can imitate voices, create convincing deepfake videos, and generate highly personalized messages that closely resemble legitimate communications from senior executives.


As businesses increasingly rely on digital communication platforms and remote collaboration tools, organizations face greater exposure to sophisticated social engineering attacks. This makes employee awareness, cybersecurity training, and multi-level verification processes more critical than ever.


The Road Ahead

Cybersecurity experts believe AI-powered impersonation scams will continue to evolve as artificial intelligence becomes more advanced and accessible. Companies must complement technological security measures with strong governance practices, employee education, and strict financial approval workflows.


SEBI's advisory serves as a timely reminder that organizations should never rely solely on digital instructions for financial transactions. Independent verification and robust cyber hygiene remain the strongest defenses against emerging AI-enabled fraud.


DisclaimerThis article is for informational purposes only and should not be considered legal, cybersecurity, or financial advice. Organizations should follow official SEBI guidelines and consult qualified professionals to strengthen their cybersecurity and fraud prevention measures.

Post a Comment

0 Comments
Post a Comment (0)
To Top