Telangana Cyber Security Bureau Warns Of Boss Scam After 300 Nationwide Complaints

The Telangana Cyber Security Bureau (TGCSB) issued a public advisory on June 24, 2026, warning government departments, businesses, and organizations about a rapid rise in "Boss Scam" or CEO impersonation fraud. The warning comes after more than 300 complaints related to this cybercrime were reported across the nation over a span of nearly 20 days preceding the advisory.

According to the TGCSB, cybercriminals are targeting senior executives, government officials, business owners, and organizational leaders. The scammers send malicious ZIP or RAR files disguised as urgent regulatory, compliance, or official communications through emails and WhatsApp messages.

Investigators revealed that once a victim opens the malicious attachment, malware is installed on their device. This grants the fraudsters unauthorized access to active WhatsApp Web sessions and other sensitive information stored on the device.

The attackers then use the compromised accounts to impersonate senior officials or company executives. They send direct instructions to subordinate staff, finance teams, or employees, pressuring them to execute urgent financial transfers or disclose confidential information.

The bureau highlighted that the scam heavily exploits trust, authority, and urgency. This psychological pressure often convinces victims to bypass established approval procedures, believing the instructions came directly from their senior leaders.

To prevent such fraud, the TGCSB advised organizations to remain alert to warning signs. These include unexpected ZIP or RAR attachments, messages marked as urgent compliance requests, instructions received solely via email or WhatsApp, and attempts to circumvent standard approval processes.

Officials urged businesses and government departments to independently verify all financial instructions through direct phone calls or official communication channels. The bureau also recommended enabling multi-factor authentication, regularly reviewing active WhatsApp Web sessions, avoiding suspicious attachments, and conducting regular cyber security awareness programs for employees.

Victims or individuals who encounter such fraud attempts are urged to report them immediately by calling the National Cybercrime Helpline on 1930 or through the National Cybercrime Reporting Portal.