WhatsApp Hijacking: Kerala Police Alert Corporates On Emerging ‘Boss Scam’ Targeting Finance Teams
Kerala Police have issued a statewide advisory alerting businesses, government offices, and corporate organisations about a rapidly evolving cyber fraud technique known as the “boss scam,” which combines malware attacks with WhatsApp-based executive impersonation to trick employees into transferring large sums of money.
Officials said the scam is becoming increasingly sophisticated, often bypassing traditional security filters by exploiting trust within internal communication systems.
Fake Alerts Used to Trigger Panic in Organisations
According to cybercrime officials, the attack typically begins with fraudulent emails or messages that appear to originate from trusted authorities such as the Reserve Bank of India or external audit agencies.
These messages often claim urgent compliance issues or regulatory violations, creating a sense of panic within finance and administrative teams. Employees are then instructed to open attached files—usually ZIP archives—containing what are presented as “audit documents” or “verification tools.”
Once opened, these files may install malicious software that gives attackers remote access to the infected system, allowing them to monitor internal communications and extract sensitive data.
WhatsApp Web Hijacking Enables Executive Impersonation
After gaining access to internal systems, fraudsters reportedly take control of active messaging sessions, including WhatsApp Web accounts already logged in on office computers.
Using these compromised accounts, attackers impersonate senior executives such as CEOs or directors and issue urgent instructions to finance staff. Because messages appear to come from legitimate leadership accounts, employees often comply without further verification.
Authorities noted that this method allows cybercriminals to bypass suspicion and directly influence financial decisions within organisations.
Fake Urgency Leads to Unauthorised Fund Transfers
In most cases, employees are instructed to process high-value payments immediately, often under the pretext of confidential business requirements or emergency transactions.
Cyber police said that once funds are transferred, they are quickly routed through multiple intermediary accounts, making recovery difficult.
Investigators warned that this type of fraud relies heavily on urgency, authority pressure, and digital impersonation rather than direct hacking of banking systems.
Police Recommend Strict Verification Protocols
Kerala Police have urged organisations to implement stronger internal verification systems, particularly for financial approvals and fund transfers. Officials stressed that no legitimate executive or regulatory authority communicates high-value financial instructions solely through messaging apps or email.
Companies have been advised to:
- Avoid opening unsolicited attachments, especially ZIP or executable files
- Regularly check active sessions on messaging platforms like WhatsApp Web
- Implement multi-level approval systems for financial transactions
- Independently verify payment requests through direct voice or in-person confirmation
Cybercrime Helpline Activated for Immediate Reporting
Authorities have also encouraged organisations and individuals to report suspicious activity immediately to the national cybercrime helpline 1930 or through the official cybercrime reporting portal to improve chances of fund recovery and containment.
Police warned that early reporting is critical, as stolen funds are often rapidly transferred across layered financial networks within minutes.