SEBI Warns Listed Firms and Regulated Entities Against Rising ‘Boss Scam’ Cyber Fraud
Capital markets regulator SEBI has raised an alarm over a rapidly escalating cyber threat known as the ‘Boss Scam’, specifically targeting corporate organizations. SEBI has issued a strict advisory to all listed companies and regulated entities, warning them about highly coordinated fraud syndicates that siphon off massive corporate funds by impersonating Chief Executive Officers (CEOs), Managing Directors (MDs), and other senior management personnel.
The advisory was formulated based on a detailed intelligence report provided by the Indian Cyber Crime Coordination Centre (I4C). These cybercriminals specifically target the finance and accounting departments of large corporations, manipulating employees into authorizing unauthorized, high-value financial transfers.
AI-Powered Impersonation Tactics
The modus operandi of these scammers goes far beyond simple phishing emails. Cybercriminals are actively exploiting communication platforms like WhatsApp, Microsoft Teams, and standard corporate email networks to initiate contact. To make their requests appear highly authentic and urgent, fraudsters are leveraging advanced Artificial Intelligence (AI) technology—including deepfakes and voice cloning—to perfectly mimic the communication style and voice of top executives.
Key SEBI Directives and Reporting Protocol
To safeguard corporate treasuries from these sophisticated attacks, SEBI has laid down strict operational guidelines for finance teams:
Do not blindly trust or execute any fund transfer requests initiated via social media messages, corporate chat tools, or emails, regardless of the perceived urgency.
Always implement a strict secondary verification protocol by directly calling the concerned senior official to manually confirm the transaction request.
In the event of a suspected fraud attempt or a successful financial breach, immediately report the incident to the National Cyber Crime reporting helpline at 1930 or file a formal complaint on the official government cybercrime portal.






