The Securities and Exchange Board of India (SEBI) issued an advisory warning listed firms about a cyber-fraud scheme called the “Boss Scam” [1, 2].

This alert highlights a critical vulnerability in corporate security as criminals leverage artificial intelligence to bypass traditional authentication and exploit the high-pressure environment of executive leadership.

The scheme uses AI deepfakes, WhatsApp, and Microsoft Teams to impersonate senior executives [1, 2, 3]. Fraudsters target high-ranking officials and finance executives, tricking them into transferring funds under the guise of urgent or secret requests [2].

According to the advisory, the fraud often exploits the secrecy surrounding unpublished price-sensitive information (UPSI) to convince employees to move money quickly and without verification [2]. The use of malware and AI-generated impersonations allows attackers to create convincing digital replicas of CEOs or managing directors [3].

“I4C has observed an emerging trend in cybercrime referred to as the 'Boss Scam' or CEO/MD impersonation fraud whereby fraudsters are targeting high‑ranking officials/finance executives which compels them to transfer of funds to fraudsters,” the Indian Cyber Crime Coordination Centre (I4C) said [2].

SEBI said the regulator issued the advisory after receiving information from the I4C [1]. The warning is directed at listed companies and regulated entities to prevent the siphoning of funds through these sophisticated social engineering tactics [2].

SEBI said the scam utilizes a combination of AI deepfakes and malware to trigger fraudulent transfers [3]. The regulator urged firms to implement stricter verification protocols for fund transfers, and to remain vigilant against unsolicited requests from leadership via unofficial communication channels [2, 3].

The scheme uses AI deepfakes, WhatsApp, and Microsoft Teams to impersonate senior executives.

The rise of the 'Boss Scam' demonstrates a shift in cybercrime from broad phishing attempts to highly targeted 'whaling' attacks. By utilizing AI deepfakes to mimic the voice and appearance of executives, attackers can override standard corporate skepticism. This forces companies to move beyond digital signatures and toward multi-factor, out-of-band verification for all significant financial transactions.