Business·

Sebi Warns Listed Firms of 'Boss Scam' Involving AI Deepfakes and WhatsApp Hijacking

Sebi Warns Listed Firms of 'Boss Scam' Involving AI Deepfakes and WhatsApp Hijacking

SEBI warns listed firms of the 'boss scam', where fraudsters use AI deepfakes and WhatsApp to impersonate CEOs and steal funds.

Fraudsters impersonate top company executives to steal corporate funds.Criminals use AI deepfakes and voice cloning for deception.Malicious zip files hijack active WhatsApp sessions of employees.Amid a rise in cybercrime cases, the Securities and Exchange Board of India (Sebi) has cautioned regulated entities and listed companies against an emerging scam. In a release dated July 17, the regulator cautioned against the ‘boss scam’.As a part of the scam, scamsters defraud people by impersonating the chief executive officer or managing director of companies. The market regulator issued this caution after the Indian Cyber Crime Coordination Centre (I4C) informed about a rise in such cases. What Is a Boss Scam?The boss scam is a sophisticated cybercrime scheme. In order to defraud people, cybercriminals impersonate top tier executives to exploit the trust of subordinate employees. Fraudsters communicate with potential victims. Notably the victims typically include finance officers or other employees who have the authority to process payments, through digital channels such as email, WhatsApp, Microsoft Teams, or other social media platforms. Sebi Likely To Revamp F&O Margin Framework To Reward Hedged Trades, Discourage Expiry-Day BetsBy impersonating top-management they create a false sense of urgency or confidentiality, which pressures the unsuspecting employees into making financial transactions without following standard verification protocols.Boss Scam: Modus OperandiAccording to the release, fraudsters execute their operations through two methods primarily. The first method involves the direct impersonation of managing directors or chief executive officers using AI-based deep fake methodologies. Additionally, scamsters can also use voice cloning techniques during video calls to mimic the mannerisms of the executive. Fraudsters also use fake groups on social media platforms pretending to be the top-brass to coordinate with subordinates. Once the scamster contacts the victim, they receive instructions to transfer funds to a specified mule account. To prevent the employee from verifying who has sent the request, the fraudster often gives explicit directions not to share the transaction details with anyone else, falsely claiming that the matter involves unpublished price sensitive information (UPSI).The second method in these cases involves the use of malware, where a fraudster sends a compressed zip file through email or social media messaging platforms. This archive contains a malicious executable file accompanied by a dynamic link library file. Once the file is extracted and executed on a Windows desktop or laptop it hijacks active web WhatsApp session tokens, giving the fraudster access to the victim’s account, which is then used to instruct other employees to make immediate payments.Alternatively, if the attacker achieves complete device takeover, they alter the contact list on the device to save the fraudster's phone number under the name of the chief executive officer or managing director, using the secondary number to manipulate the finance officer into transferring funds.Sebi's Advice To Companies Amid Rising Cases of Boss ScamAs instances of boss-scam rise, Sebi has issued a set of directives to help companies protect themselves. Sebi has urged regulated entities and listed companies to remain cautious and cross check any financial requests received through WhatsApp, email, or social media platforms by physically calling their seniors to confirm legitimacy. The regulator has also recommended that organisations should not transfer corporate funds solely on the basis of instructions received on social media platforms. Additionally, employees should not install executable files without checking the identity of the sender, even if the message appears to come from a known contact. Sebi Removes Intraday Borrowing Limit For Mutual FundsTo foolproof themselves from technical vulnerabilities, users have been urged to log out of any web WhatsApp sessions that are not being actively used. Additionally the regulator has also asked companies to report any fraudulent applications or scam incidents by calling the designated helpline number 1930 or by visiting the official national cybercrime reporting portal.

This is a summary. Read the full article at the original source.

Read full article at outlookmoney