₹10.40 Crore CEO Scam Exposed: Fraudsters Impersonate Senior Executives
Mumbai: A significant cyber fraud investigation has uncovered a novel corporate cybercrime tactic referred to as the Boss Scam, wherein malicious actors allegedly assumed the identity of a senior corporate figure to manipulate a deputy general manager into executing 63 separate bank transfers totaling ₹10.40 crore over a 13-day period.
The Boss Scam Unveiled
Law enforcement authorities have apprehended six individuals in connection with the scheme, with ongoing efforts focused on locating the primary orchestrators and additional members of the organized network. The incident began on June 3 when the victim received a message from an unknown number purporting to be from the company’s senior executive. The sender provided the executive’s name and photograph, leading the recipient to believe the communication was legitimate. The impersonator claimed to be engaged in continuous meetings and instructed the finance executive not to seek verification through alternative channels. Over subsequent days, the fraudster directed the victim to transfer company funds to multiple accounts. The deputy general manager complied, executing the transactions between June 3 and June 15, with the total amount transferred reaching ₹10,40,71,924. The deception was uncovered when the victim requested documentation to support the payments, prompting the actual executive to deny issuing any such directives.
The Investigation and Arrests
During the probe, Delhi Police intercepted two individuals attempting to withdraw substantial sums from their bank accounts. These suspects reportedly confessed to leasing their financial accounts to the cybercriminal group in exchange for financial incentives. Their cooperation facilitated the identification of a secondary handler, leading to the case’s transfer to Mumbai Police and the subsequent arrest of six suspects.
The Sophisticated Money-Laundering Tactics
Investigators noted that the syndicate employed an advanced money-laundering approach, avoiding reliance on traditional mule accounts. Stolen funds were first funneled through intermediary accounts before being used to purchase gold jewelry from established retailers across multiple states. The gold was then pledged with local lenders to secure gold loans, with the proceeds subsequently transferred via new bank accounts. This method created significant obfuscation in tracking the funds’ origin, complicating forensic efforts.
Targeting Corporate Vulnerabilities
Law enforcement revealed that the gang systematically targeted large enterprises, leveraging publicly available information about senior executives from corporate websites. They obtained contact details for finance personnel through deceptive phone calls. In some instances, employees received maliciously crafted ZIP files via email, which, when opened, installed malware capable of compromising devices. This software enabled attackers to manipulate web sessions and contact lists, allowing them to impersonate executives and issue fraudulent payment orders.
A cybersecurity specialist and former IPS officer highlighted that the Boss Scam represents a highly sophisticated form of social engineering, exploiting human trust rather than technical vulnerabilities. The perpetrators created a false sense of urgency by mimicking high-ranking officials, pressuring employees to execute immediate financial transfers. The expert emphasized that all high-value payment requests must be independently verified through official communication channels, such as direct phone calls, video confirmations, or established corporate protocols. Relying solely on message content, profile pictures, or saved contact names poses significant risks, potentially resulting in multi-crore losses.
Ongoing Efforts and Current Status
Authorities have successfully frozen approximately 50% of the stolen funds, with ongoing efforts to trace the remainder and identify the network’s central figures. Police suspect the operation was orchestrated by a well-structured interstate cybercrime group targeting gaps in corporate financial approval processes.
