A dangerous cyber fraud known as the “Boss Scam” has once again exposed the growing risks facing businesses in the digital age. Cybercriminals allegedly duped employees of two companies into transferring nearly ₹3.5 crore after gaining access to their communication systems through a malicious ZIP file sent via WhatsApp.

According to authorities, the fraud began when employees received a file that appeared to have been sent by a senior company official. Believing it to be a legitimate work-related document, they downloaded and opened the ZIP file on their devices.

What appeared to be a routine business communication soon turned into a major cybercrime incident.

How the Fraudsters Executed the Scam

Investigators said the ZIP file contained malware designed to compromise the victim’s device. Once installed, the malicious software allegedly enabled cybercriminals to gain access to sensitive information and business communications.

After infiltrating the system, the fraudsters reportedly monitored conversations and collected details about the company’s internal operations, financial processes, and key personnel.

Using the information gathered, the criminals allegedly impersonated senior executives and sent instructions to employees responsible for financial transactions.

The messages appeared genuine and carried the authority of company leadership, making it difficult for employees to suspect foul play.

Employees Tricked Into Transferring Funds

Authorities said the fraudsters created a sense of urgency while issuing payment instructions. Believing the requests were authentic and came from top management, employees processed the transactions.

The scam resulted in significant financial losses for two businesses.

In one case, an aluminium trading company reportedly lost around ₹1.98 crore. In another incident, a jewellery design firm allegedly suffered losses of approximately ₹1.5 crore.

Combined, the fraud caused losses of nearly ₹3.5 crore.

What Is a ‘Boss Scam’?

Cybersecurity experts describe a Boss Scam as a form of executive impersonation fraud in which criminals pretend to be company owners, chief executives, directors, or other senior officials.

The objective is to convince employees to transfer money or share confidential information by exploiting trust and workplace hierarchy.

Unlike conventional cyberattacks that focus on hacking systems directly, Boss Scams rely heavily on social engineering techniques. Fraudsters manipulate employees into believing they are acting on legitimate instructions from senior management.

As businesses increasingly depend on digital communication platforms, such scams have become more sophisticated and difficult to detect.

Why the Latest Scam Is Particularly Dangerous

Experts warn that this latest version of the Boss Scam is more dangerous because it combines malware infection with executive impersonation.

Once cybercriminals gain access to a device, they can observe conversations, study organizational structures, and identify employees responsible for handling payments.

This allows them to craft highly convincing messages that closely resemble genuine business communications.

Since the requests often come through familiar messaging platforms and appear to originate from trusted contacts, employees may not recognize the fraud until after the money has been transferred.

Authorities Issue Advisory

Cybercrime officials have urged businesses to remain vigilant against suspicious files, links, and payment instructions received through messaging applications.

Companies have been advised to verify all high-value financial requests through direct phone calls or additional approval mechanisms before processing transactions.

Experts also recommend regular employee training, multi-level authorization systems, and stronger cybersecurity measures to reduce the risk of such attacks.

Growing Threat to Corporate India

The ₹3.5 crore fraud highlights how cybercriminals are increasingly targeting businesses through deception rather than traditional hacking methods.

Investigators believe similar scams could become more common as fraudsters continue to exploit communication platforms and organizational trust to gain access to corporate funds.

The incident serves as a stark reminder that even a seemingly harmless file received on a messaging app can become the starting point of a multi-crore cyber fraud operation, making awareness and verification crucial for every organization.

This version follows the style commonly used by Indian news portals such as India Today, Times Now, News18, Zee News, ABP, and Hindustan Times—straight news reporting, less explanatory fluff, stronger headlines, and tighter adherence to the reported facts.