India Desk July 17, 2026 at 02:04 PM 2 min readindiabreaking

SEBI Warns Companies of Sophisticated Boss Scams

SEBI Advisory on Impersonation:

The Securities and Exchange Board of India (SEBI) has issued a formal warning to all regulated entities regarding the rise of the 'Boss Scam'. In these sophisticated cyber frauds, criminals use deepfake technology and AI-generated voice cloning to impersonate CEOs, managing directors, and senior finance officials. These attackers target employees handling financial transactions to authorize fraudulent payments to unauthorized bank accounts.

Technique and Methodology:

Cybercriminals exploit common messaging platforms such as WhatsApp, Microsoft Teams, and email to build trust or pressure staff into making urgent transfers. The scam often involves sending malicious compressed .zip files that, once opened, deploy malware or Trojan droppers on corporate devices. These tools allow hackers to hijack active WhatsApp Web sessions, enabling them to communicate with accounts personnel using the senior executive's compromised identity to authorize illicit fund transfers.

Cybersecurity Recommendations:

SEBI advises organizations to move away from relying exclusively on digital communication for financial authorizations. The regulator mandates that all payment requests received through social media or email must be independently verified via a direct, voice-confirmed call to the official. Employees are further urged to log out of unused web messaging sessions and avoid opening suspicious files. Organizations suspecting any compromise are instructed to report the activity immediately to the national cybercrime helpline at 1930 to prevent further unauthorized fund movement.
Pulse Intelligence
Context & Impact
  • The rise in AI-driven fraud has seen a significant increase in the use of synthetic voice and video in corporate social engineering attacks throughout 2026.
  • Indian regulatory bodies have been actively strengthening cybersecurity guidelines for listed companies to protect internal financial controls from evolving digital threats.
  • Companies will likely implement stricter, multi-factor verification protocols for all urgent financial transactions exceeding specific thresholds.
  • IT departments are expected to deploy more advanced endpoint detection and response tools to prevent the installation of Trojan droppers on company devices.

No direct market impact, though increased corporate expenditure on cybersecurity software is anticipated in the near term.