Hyderabad, June 25, 2026: The Telangana Cyber Security Bureau (TGCSB) has issued a public advisory warning citizens and organizations about a growing cyber fraud known as the “Boss Scam” or CEO Impersonation Fraud, which is targeting business leaders, government officials, and corporate employees across India. Recent reports indicate that more than 300 complaints related to the scam have been recorded nationwide within a short period, highlighting the increasing threat posed by cybercriminals.
What Is the ‘Boss Scam’?
The Boss Scam is a sophisticated form of cyber fraud in which criminals impersonate senior executives, company directors, CEOs, or government officials to deceive employees into transferring money or sharing sensitive information. Fraudsters typically exploit the trust and authority associated with senior leadership positions to pressure victims into taking immediate action.
According to cybersecurity authorities, attackers often begin by targeting senior executives through emails or WhatsApp messages disguised as urgent regulatory communications or compliance notices. Once access is gained, fraudsters may misuse compromised accounts to send fraudulent instructions to finance teams and employees.
How the Fraud Operates
Investigators say cybercriminals frequently send malicious files disguised as important documents related to compliance, taxation, banking, or regulatory requirements. When these files are opened, malware can infect devices, allowing attackers to gain access to email accounts, messaging platforms, and sensitive corporate information.
After gaining access, scammers impersonate senior officials and issue urgent requests for financial transfers, confidential data, or business documents. The instructions are often designed to appear legitimate and time-sensitive, reducing the likelihood that employees will verify them through normal channels.
Why Businesses Are Being Targeted
Cybersecurity experts warn that organizations with hierarchical structures are particularly vulnerable because employees may hesitate to question instructions that appear to come from top management. Finance departments, accounts teams, and administrative staff are often the primary targets of such attacks.
The scam has evolved beyond simple email fraud and now includes compromised WhatsApp accounts, spoofed identities, and malware-based attacks that make detection more difficult.
TGCSB’s Safety Recommendations
The Telangana Cyber Security Bureau has advised organizations and individuals to adopt the following precautions:
- Verify all financial instructions received through email, WhatsApp, or SMS using a separate communication channel.
- Avoid opening suspicious attachments or clicking links received from unknown sources.
- Implement multi-factor authentication for official accounts.
- Conduct regular cybersecurity awareness training for employees.
- Report suspicious activity immediately to cybercrime authorities.
The agency has emphasized that no financial transaction should be processed solely based on digital instructions without independent verification.
Growing Concern Across India
Cybercrime agencies have noted a significant increase in CEO impersonation fraud cases in recent weeks. Authorities believe that increased digital communication and remote business operations have created new opportunities for cybercriminals to exploit organizational trust and communication gaps.
As cyber threats continue to evolve, experts are urging businesses to strengthen internal verification procedures and encourage employees to remain cautious when handling financial requests that appear urgent or unusual.
Stay Vigilant
Cybersecurity officials have urged the public to remain alert and verify requests before acting. Any suspected cyber fraud can be reported through the National Cyber Crime Reporting Portal or by calling the cybercrime helpline 1930.
Source: Telangana Cyber Security Bureau (TGCSB) Advisory
