The Telangana Cyber Security Bureau has warned citizens about the rising “Boss Scam” or CEO impersonation fraud, in which cybercriminals use malicious files to gain access to devices and impersonate senior officials to trick victims into making financial transfers.
Published Date – 24 June 2026, 06:02 PM
Hyderabad: The Telangana Cyber Security Bureau (TGCSB) has issued an advisory alerting citizens about the “Boss Scam” or CEO Impersonation Fraud.
The TGCSB stated that cybercriminals are targeting senior executives, government officials, business owners and organisational leaders through malicious files sent via email and WhatsApp under the guise of urgent regulatory or compliance-related communications.
“More than 300 complaints have been reported across the country within a span of nearly 20 days, indicating a significant increase in such incidents,” said Shikha Goel, Director, TGCSB.
Explaining the modus operandi, the official said that fraudsters send emails or WhatsApp messages containing malicious ZIP/RAR files disguised as compliance documents, notices or urgent communications.
“Once opened, malware gets installed on the victim’s device. The malware enables unauthorised access to active WhatsApp Web sessions and other information. Cybercriminals then impersonate senior officials and send fraudulent instructions to employees or finance teams. Victims are pressured into making urgent financial transfers or sharing confidential information,” the official said.
The police asked citizens to remain alert if they receive unexpected ZIP/RAR attachments, messages marked “Urgent Compliance” or “Immediate Action Required”, requests for confidential financial transactions, instructions received only through email or WhatsApp, requests to bypass established approval procedures, or pressure to act immediately without verification.
The police advised citizens to verify finance-related instructions through a direct phone call or official communication channel and not to open suspicious attachments or files received from unknown or unverified sources. They were also advised to regularly review active WhatsApp Web sessions and log out from unused devices. Citizens should enable Multi-Factor Authentication (MFA) wherever possible and follow established organisational approval processes for financial transactions, the police suggested.
