WhatsApp messages and Malware attacks: TGCSB warns of surge in ‘Boss Scam’ fraud - The HinduPublished - June 24, 2026 08:42 pm IST - HYDERABADThe Telangana Cyber Security Bureau (TGCSB) has issued a public advisory warning government departments, businesses and organisations about an increasing cyber fraud known as the “Boss Scam” or CEO impersonation fraud.According to the advisory, more than 300 complaints related to the scam have been reported nationwide within a span of nearly 20 days, prompting concerns over the increasing use of malware and impersonation tactics by cybercriminals.The advisory states that fraudsters are targeting senior executives, government officials, business owners and organisational leaders through e-mails and WhatsApp messages disguised as urgent regulatory, compliance or official communications.Investigators said the scam typically begins with cybercriminals sending malicious ZIP or RAR files disguised as notices, compliance documents or urgent communications. Once the attachment is opened, malware is installed on the victim’s device, allowing unauthorised access to active WhatsApp Web sessions and other sensitive information.The compromised accounts are then used to impersonate senior officials or company executives. Fraudsters send instructions to employees, finance teams or subordinate staff, pressuring them to make urgent financial transfers or disclose confidential information.The TGCSB said the scam relies heavily on exploiting trust, authority and urgency, often convincing victims to bypass established approval procedures in the belief that the instructions have come directly from a senior official.Officials have advised organisations to be alert to warning signs, including unexpected ZIP or RAR attachments, messages marked as urgent compliance requests, instructions received solely through e-mail or WhatsApp, requests for confidential financial transactions and attempts to circumvent standard approval processes.The bureau urged businesses and government departments to independently verify all financial instructions through direct phone calls or official communication channels, regardless of the apparent sender’s identity.It also recommended enabling multi-factor authentication, regularly reviewing active WhatsApp Web sessions, avoiding suspicious attachments and conducting regular cyber security awareness programmes for employees.The bureau has asked victims or those who encounter such fraud attempts to report them immediately through the National Cybercrime Helpline on 1930 or the National Cybercrime Reporting Portal.Published - June 24, 2026 08:42 pm ISTSign in to unlock member-only benefits!Access 10 free stories every monthSave stories to read laterAccess to comment on every storySign-up/manage your newsletter subscriptions with a single clickGet notified by email for early access to discounts & offers on our products${ ind + 1 } ${ device }Last active - ${ la }