Caution to Regulated entities and listed companies- Boss Scam
SEBI Grade A ●●● High importance 18 July 2026
Caution to Regulated entities and listed companies- Boss Scam

What happened

On July 17, 2026, SEBI issued Press Release No. 40/2026 cautioning regulated entities and listed companies about the 'Boss Scam.' In this fraud, cybercriminals impersonate senior executives or bosses via email, messaging apps, or calls, directing employees to make unauthorized fund transfers or share confidential information. SEBI urged entities to establish verification protocols, internal controls, and employee awareness programs to prevent financial losses from this social engineering attack targeting corporate finance functions.

Why it matters

The 'Boss Scam,' also known as Business Email Compromise (BEC) or CEO Fraud, is a sophisticated social engineering attack where fraudsters impersonate high-ranking officials — CEOs, MDs, or regulators — to manipulate employees into transferring funds or leaking sensitive data. SEBI's July 2026 advisory is significant because regulated entities like brokers, mutual funds, and listed companies handle large daily financial transactions and possess material non-public information, making them high-value targets.

The mechanism is deceptively simple: fraudsters create fake email IDs visually similar to official ones, or clone voices using AI, creating urgency to bypass standard verification. Employees, fearing to question their 'boss,' comply without due diligence. The financial and reputational damage can be severe.

For SEBI-regulated entities, this has compliance dimensions beyond cybersecurity — it touches on investor protection, market integrity, and corporate governance obligations under SEBI's Listing Obligations and Disclosure Requirements (LODR) Regulations and Cybersecurity and Cyber Resilience Framework (CSCRF). SEBI's advisory implies regulated entities must integrate anti-fraud protocols into their governance frameworks, making this a governance and compliance issue, not merely an IT problem. Boards and compliance officers bear responsibility for establishing robust verification layers.
🔒
Remember + Why it matters
The key recall facts and exact examiner angle for SEBI Grade A are in the Crux app.
01
Key figure and date from this topic
02
Specific number or threshold to remember
03
Policy or regulatory implication
Open in Crux — free
Read + Understand free forever · 30-day free trial