Kerala Police Alert: ‘Boss Scam’ Cyber Fraud Threatens Businesses
By Varun Mittal
Kerala Police warns businesses of the escalating ‘boss scam’ cyber fraud. Learn how criminals impersonate executives and steal funds, and how to protect your company.
🔥 Main Takeaway
Cyber fraudsters are weaponizing impersonation and malware in a new “boss scam,” prompting Kerala Police to warn businesses about urgent financial threats.
📌 What Happened?
On Sunday, June 28, 2026, the Kerala Police issued an advisory to companies and institutions across Kerala regarding a significant rise in the “boss scam.”
This cyber fraud involves criminals impersonating senior executives to coerce employees into transferring company funds under false pretenses.
Fraudsters initiate panic by sending fake urgent messages, often appearing to be from entities like the Reserve Bank of India or official audit teams, targeting senior executives and finance staff.
They then deploy malware-infected ZIP files to gain unauthorized access to computer systems, subsequently creating fake profiles or hijacking existing senior official accounts.
These compromised accounts are used to send fraudulent payment instructions, frequently via WhatsApp Web, making the requests seem legitimate to unsuspecting employees.
💰 Why It Matters
This scam poses a severe direct financial risk to businesses, with the potential for substantial losses from unauthorized transfers and significant reputational damage.
Employees face immense pressure and potential liability, highlighting the critical need for heightened vigilance and robust internal verification processes.
The rise of this scam signals a worrying evolution in cyber threats, moving beyond external breaches to target internal corporate controls and human vulnerabilities.
It underscores a critical trend where common communication platforms like WhatsApp and email are being exploited for high-stakes financial fraud.
👀 What to Watch Next
Companies must immediately strengthen their internal verification protocols and implement multi-level approval systems for all financial transactions to mitigate these risks.
Expect an increased focus on comprehensive employee training programs designed to combat social engineering tactics and the dangers of opening suspicious files such as ZIP, EXE, or DLL.
Organizations should also regularly check WhatsApp’s “linked devices” feature to prevent unauthorized access and report any cyber financial fraud immediately via helpline 1930 or the official cybercrime reporting system.