[
The advisory follows an alert from the Indian Cyber Crime Coordination Centre (I4C), which has flagged a rise in CEO/MD impersonation fraud targeting organisations through email, WhatsApp, Microsoft Teams and other social media platforms.
According to Sebi, fraudsters impersonate senior executives and send messages or make calls directing subordinates to urgently transfer money to specified bank accounts. In some cases, fraudsters use artificial intelligence tools such as voice cloning and deepfake video calls to make the impersonation appear genuine.
The regulator said another method involves sending a compressed ZIP file containing malicious software. Once the file is opened on a Windows device, the malware hijacks active WhatsApp Web sessions, allowing fraudsters to gain access to the victim’s account and send payment instructions to finance or accounts personnel.
In some instances, cybercriminals may also alter the contact list on a compromised device, saving their own number under the name of the CEO or Managing Director to deceive employees into executing fund transfers, Sebi, said.
“Fraudsters are targeting CEOs or high-ranking officials via email or WhatsApp by impersonating them. The communication through email/WhatsApp/Microsoft Teams/other social media platforms with their subordinates or counterparts, directs them to carry out instructions given to them resulting in transfer of funds to fraudsters,” Sebi said in a statement.
The regulator advised listed companies and regulated entities to independently verify requests received through WhatsApp, email or social media by directly calling the concerned senior official.It also asked organisations not to transfer funds solely on the basis of instructions received through social media platforms and to avoid installing executable files without first verifying the sender’s identity.
Further, Sebi urged entities to log out of inactive WhatsApp Web sessions and immediately report cyber fraud incidents by calling the national cybercrime helpline 1930 or through the Cyber Crime portal.
The regulator said it issued the advisory after I4C observed an increasing trend of cybercriminals targeting high-ranking officials and finance executives through CEO or MD impersonation schemes to fraudulently obtain fund transfers.
https://img.etimg.com/thumb/msid-132461763,width-1200,height-630,imgsize-55652,overlay-etmarkets/articleshow.jpg
https://economictimes.indiatimes.com/markets/stocks/news/sebi-warns-listed-firms-regulated-entities-against-rising-boss-scam-cyber-fraud/articleshow/132461763.cms




