A fake senior executive, 63 transfers, Rs 10 crore gone: Inside India’s new ‘Boss Scam’
Source Entity
Mohamed Thaver

A Mumbai-based deputy general manager was defrauded of Rs 10.40 crore after being tricked by a scammer impersonating his boss. The fraud involved 63 transactions over two weeks and was only discovered when the employee requested invoices via official channels.
The Anatomy of a Corporate Nightmare: Analyzing the 'Boss Scam'
In a staggering display of social engineering and corporate vulnerability, a Mumbai-based deputy general manager, Girish Amin, fell victim to a sophisticated 'Boss Scam' that resulted in the loss of Rs 10.40 crore. The fraud began with a seemingly routine request from an individual impersonating Sidharth Jain, the company's Executive Director. This incident highlights a dangerous trend in cybercrime where attackers leverage the psychological pressure of hierarchy to bypass standard financial safeguards. By mimicking the authority of a top executive, the scammer managed to manipulate a senior manager into bypassing critical verification steps, proving that even high-ranking employees are susceptible to well-crafted impersonation attacks.
The Psychology of Authority and Operational Failure
The scale of this fraud is particularly alarming due to the frequency and volume of the transfers. Over a period of less than two weeks, Amin executed 63 separate transactions, starting with an initial request for Rs 46.5 lakh. This pattern suggests a 'foot-in-the-door' technique, where the scammer first establishes trust with a smaller (though still significant) amount before escalating the demands. The fact that 63 transactions were processed without a single internal red flag being raised indicates a catastrophic failure in the company's internal financial controls. In most reputed corporate environments, transfers of such magnitude typically require multi-level authorization or 'maker-checker' protocols, yet in this case, the DGM appeared to have unilateral or unchecked power to move company funds based on messaging alone.
The Critical Role of Official Communication Channels
The fraud only came to light on June 16, when Amin shifted his communication from the unofficial channel used by the scammer to an official corporate channel. The request for invoices for accounting purposes served as the ultimate fail-safe. This underscores a fundamental lesson in corporate security: the medium of communication is as important as the message itself. The scammer relied entirely on the victim's willingness to accept instructions via a non-verified channel, likely a messaging app or an unverified email. The moment the interaction moved to a formal, traceable system, the facade collapsed, revealing that the person providing the instructions was not Sidharth Jain.
Broader Implications for Corporate Governance
This incident serves as a wake-up call for businesses across India and globally regarding the evolution of Business Email Compromise (BEC) and social engineering. As companies digitize their workflows, the reliance on rapid, digital communication often comes at the expense of rigorous verification. The 'Boss Scam' exploits the cultural tendency in many corporate structures to obey senior leadership without question. To prevent such occurrences, organizations must implement strict mandates that forbid the transfer of funds based on messaging apps or emails without a secondary, out-of-band verification—such as a phone call or a face-to-face confirmation—regardless of the seniority of the person making the request.
Future Trends in Executive Impersonation
Looking forward, the risk of these scams is expected to increase with the integration of Generative AI. While this specific case involved text-based impersonation, the next frontier involves 'Deepfake' audio and video, which could make it nearly impossible for an employee to distinguish a scammer from their actual boss during a call. The transition from simple text scams to AI-driven identity theft means that companies can no longer rely on 'hearing the voice' of an executive as a form of verification. The future of corporate security will necessitate the adoption of cryptographic signatures for internal financial approvals and a culture of 'trust but verify' that empowers subordinates to question unusual requests from leadership.
Summary of Findings
This case is a textbook example of how the intersection of authority bias and poor financial oversight can lead to massive corporate losses. The loss of Rs 10.40 crore through 63 transactions emphasizes that the danger is not just in the initial breach, but in the lack of ongoing monitoring. The eventual discovery through official accounting requests highlights the necessity of maintaining rigid, formal communication channels for all financial operations to mitigate the risks posed by increasingly sophisticated social engineering tactics.
Multiple Citing Sources