The Securities and Exchange Board of India (SEBI) said Friday that listed companies and regulated entities should be wary of a rising cyber-fraud scheme called the “Boss Scam” [1, 2].

This alert comes as financial criminals increasingly use sophisticated technology to bypass traditional security protocols. By impersonating top executives, fraudsters can manipulate employees into bypassing standard verification processes to authorize urgent, fraudulent transfers.

In these schemes, attackers impersonate senior executives, such as CEOs or managing directors, to trick corporate finance teams into transferring funds [3, 4]. The fraud typically begins with a request for an urgent payment, often framed as a confidential business deal or an emergency requirement [5, 6].

SEBI said the sophistication of these attacks has grown due to the integration of artificial intelligence [5]. Fraudsters are now leveraging AI deepfakes and voice cloning to make impersonations more convincing [5]. These tools allow criminals to mimic the voice and appearance of a company leader, making it harder for staff to detect the deception.

Beyond AI, the scams utilize a variety of communication channels to establish trust and urgency [5, 6]. This includes the use of email, WhatsApp, and other messaging platforms to maintain contact with the targeted employee [6]. Once the victim is convinced they are speaking with their superior, they are directed to send money to accounts controlled by the scammers [1, 2].

The regulator said regulated entities in the Indian capital markets should strengthen their internal controls [1, 2]. SEBI said there is a need for rigorous verification of payment requests, regardless of the seniority of the person requesting the funds [3, 4].

Companies are advised to implement multi-factor authentication and establish clear protocols for high-value transactions [5]. The warning serves as a directive for firms to educate their employees on the risks of social engineering, and the specific markers of impersonation fraud [6].

Fraudsters are now leveraging AI deepfakes and voice cloning to make impersonations more convincing.

The rise of the 'Boss Scam' highlights a critical shift in corporate cybersecurity where the human element is the primary vulnerability. As AI deepfakes lower the barrier for convincing impersonations, traditional 'trust-based' authorizations in corporate finance are becoming obsolete. This regulatory warning suggests that SEBI views AI-driven social engineering as a systemic risk to the stability of listed firms and the integrity of the Indian capital markets.