#FactCheck-Bangladesh Video Falsely Shared as Security Forces Action During West Bengal Elections 2026
Executive Summary
As West Bengal heads for vote counting on May 4, 2026, following the second phase of Assembly polling held on April 29, a video is being widely shared on social media. The clip shows security personnel baton-charging civilians, with users claiming it depicts force being used during the West Bengal Assembly Elections 2026. Research by CyberPeace Research Wing found that the viral claim is misleading. The video is actually from Bangladesh and is being falsely linked to the West Bengal elections to spread confusion.
Claim
A Facebook user named “Adv Mohd Salman” shared the clip on April 29, 2026, using Bengal-related hashtags and claiming that voters standing in line were beaten to influence the election outcome. The post alleged that free and fair voting rights were being suppressed.

Fact Check
To verify the claim, we closely examined the viral video. A vehicle visible in the footage had a registration number written in a non-Hindi script. Using Google Lens reverse image search, we found a matching image uploaded on Alamy on December 30, 2018. The image showed a military vehicle with the same script and registration style seen in the viral clip.
According to the description on the platform, the image was taken in Dhaka during Bangladesh’s national elections and showed Bangladeshi army personnel moving through a street near a polling station. This confirms that the viral footage is not related to the 2026 West Bengal Assembly elections.

Conclusion
Our research confirms that the video showing security personnel baton-charging civilians is from Bangladesh, not West Bengal. It is being falsely shared as footage from the 2026 West Bengal Assembly elections to mislead users.
Related Blogs

Executive Summary
A video showing people installing fencing along a border has gone viral on social media. In the clip, several individuals along with security personnel can be seen laying barbed wire fencing near a border area. The video is being shared with the claim that it shows fencing work underway on the India-Bangladesh border in West Bengal after the Bharatiya Janata Party (BJP) allegedly came to power in the state.
However, CyberPeace Research Wing investigation found the viral claim to be false. The video is not from a real incident and has been created using Artificial Intelligence (AI).
Claim
An X user named “Gopal Sanatani” shared the viral video on May 26, 2026, with the caption:“Voting in the right place keeps the country secure. Now no outsider will be able to snatch the rights of Indian citizens.”The archived link to the post is provided below.

Fact Check
To verify the authenticity of the viral claim, we extracted several key frames from the video and conducted reverse image searches using Google. However, we could not find any credible information or authentic reports related to the visuals shown in the clip. We also searched using relevant keywords on Google, but no trustworthy news reports connected to the claim were found.
Upon closely examining the video, several visual inconsistencies became noticeable. At one point, an object resembling a piece of paper suddenly appears in a soldier’s hand and then disappears moments later. In another scene, a man installing the fencing appears to pass directly through the barbed wire and emerges unharmed, despite the sharp wires visible in the video. These irregularities raised suspicion that the clip had been artificially generated. To further investigate, we analysed the video using AI detection tools. The analysis conducted through Hive Moderation indicated a high probability — around 80 percent — that the video was AI-generated.

Additionally, the video was examined using another AI detection platform, “AI or Not,” which indicated nearly a 99 percent likelihood that the clip had been created using artificial intelligence.

Conclusion
Our investigation found that the viral video claiming to show fencing work along the West Bengal-Bangladesh border is fake. The footage does not depict a real incident and was generated using Artificial Intelligence (AI).

Introduction
Data protection has been a critical aspect of advocacy and governance all across the world. Data fuels our cyber-ecosystem and strengthens the era of emerging technologies. All industries and sectors are now dependent upon the data of the user. The governments across the world have been deliberating internally to address the issue and legality of Data protection and privacy. The Indian government has witnessed various draft bills and policies focusing on Data protection over the years, and the contemporary bill is the Digital Personal Data Protection Bill, 2023, which was tabled at the Lok Sabha (Lower House of Parliament) on 03 August for discussions and parliamentary assent.
What is DPDP, 2023?
The goal of the complete and comprehensive Digital Personal Data Protection Bill of 2023 is to establish a framework for the protection of personal data in India. The measure acknowledges the significance of protecting personal data and seeks to strike a balance between the necessity to process personal data for legitimate purposes and the right of individuals to do so. The bill establishes a number of crucial expressions and ideas associated with the protection of personal data, including “data fiduciary,” “data principal,” and “sensitive personal data.” It also emphasises the duties of data fiduciaries, including the need to establish suitable security measures to preserve personal data and the need to secure data principals’ consent before processing their personal information. The measure also creates the Data Protection Board of India, which would implement its requirements and guarantee data fiduciaries’ compliance. The board will have the authority to look into grievances, give directives, and impose sanctions for non-compliance.
Key Features of the Bill
The bill tabled at the parliament has the following key features:
- The 2023 bill imposes reasonable obligations on data fiduciaries and data processors to safeguard digital personal data.
- Under the 2023 bill, a new Data Protection Board is established, which will ensure compliance, remedies and penalties.
- Under the new bill, the Board has been entrusted with the power equivalent to a civil court, such as the power to take cognisance in response to personal data breaches, investigate complaints, imposing penalties. Additionally, the Board can issue directions to ensure compliance with the act.
- The 2023 bill also secures more rights of Individuals and establishes a balance between user protection and growing innovations.
- The bill creates a transparent and accountable data governance framework by giving more rights to individuals.
- There is an Incorporation of Business-friendly provisions by removing criminal penalties for non-compliance and facilitating international data transfers.
- The new 2023 bill balances out fundamental privacy rights and puts reasonable limitations on those rights.
- The new data protection board will carefully examine the instance of non-compliance by imposing penalties on non-compiler.
- The bill does not provide any express clarity in regards to compensation to be granted to the Data Principal in case of a Data Breach.
- Under 2023 Deemed consent is there in its new form as ‘Legitimate Users’ pertaining to the conditions in regard to Sovernity and Intergrity of India.
- There is an introduction of the negative list, which restricts cross-data transfer.
Additionally, the measure makes special provisions for the processing of children’s personal data and acknowledges the significance of protecting children’s privacy. Additionally, it highlights the rights of the data subjects, including their right to access their personal information, their right to have wrong information corrected, and their right to be forgotten.
Drive4CyberPeace
A campaign was undertaken by CyberPeace to gain a critical understanding of what people understand about Data privacy and protection in India. The 4-month long campaign led to a pan-India interaction with netizens from different areas and backgrounds. The thoughts and opinions of the netizens were understood and collated in the form of a whitepaper which was, in turn, presented to Parliamentarians and government officials. The whitepaper laid the foundation of the recommendations submitted to the Ministry of Electronics and Information Technology as part of the stakeholder consultation.
Conclusion
Overall, the Digital Personal Data Protection Bill of 2023 is an important step towards safeguarding Indian citizens’ privacy and personal data. It creates a regulatory agency to guarantee compliance and enforcement and offers a thorough framework for data protection. The law includes special measures for the protection of sensitive personal data and the personal data of children and acknowledges the significance of striking a balance between the right to privacy and the necessity of data processing.

Introduction
Imagine receiving a WhatsApp message from your CEO late on a Friday afternoon. The message is urgent: a confidential business deal requires an immediate wire transfer before markets close. The profile picture matches, the tone sounds familiar, and the account it came from has your CEO's name on it. Everything appears legitimate except it is not. This is the essence of the 'Boss Scam,' a sophisticated form of CEO impersonation fraud that has emerged as one of the most financially devastating cybercrime trends of 2025. India's Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs, issued an urgent national advisory on this threat in June 2025, warning that organisations across the country are falling victim to an evolved and technically advanced version of executive impersonation fraud that bypasses many traditional cybersecurity safeguards.
Understanding the Boss Scam
What Is CEO Impersonation Fraud?
CEO fraud, also known as Business Email Compromise (BEC) or executive impersonation fraud, is a targeted cyberattack in which criminals assume the digital identity of a high-ranking executive most commonly the Chief Executive Officer to deceive subordinate employees into authorising fraudulent financial transactions or divulging sensitive information. Unlike generic phishing campaigns that cast a wide net, CEO fraud is a precision attack. Cybercriminals invest significant time and resources researching their targets, studying organisational hierarchies, communication styles, and internal financial workflows before executing the scam. The attack is devastatingly effective because it weaponises one of the most powerful forces in any workplace: authority. An instruction that appears to originate from the CEO carries an implicit demand for immediate compliance, often bypassing normal checks and verification procedures. The FBI's Internet Crime Complaint Center (IC3) has consistently identified BEC as one of the most financially destructive categories of cybercrime, with adjusted losses of approximately USD 2.77 billion reported in 2024 alone across the United States.
The New and Evolved Variant: India's I4C Advisory
The variant identified by India's I4C represents a dangerous evolution of traditional CEO fraud. The earlier versions of this scam relied on spoofed email addresses or fake WhatsApp profiles that merely mimicked an executive's account. Employees were trained to spot tell-tale warning signs suspicious domains, unusual sender addresses, or spelling errors in email IDs. The latest
Boss Scam variant eliminates many of these red flags entirely by hijacking the executive's actual and legitimate WhatsApp account. This sophisticated attack begins not with the employee, but with the CEO. Cybercriminals approach senior executives through email or WhatsApp while posing as regulatory authorities in India's context, this includes impersonating officials from the Reserve Bank of India (RBI) or other government bodies. These messages claim an urgent compliance violation or regulatory breach requiring immediate remedial action. The communication contains a compressed ZIP archive, which the executive is prompted to open. Inside the archive are malicious executable (.exe) and Dynamic Link Library (.dll) files that, when run on a Windows system, deploy a Trojan dropper a form of malware capable of establishing persistent access on the device and hijacking active WhatsApp Web session tokens.
Once the session token is compromised, the attacker gains complete control over the executive's WhatsApp account without needing the phone, password, or any two-factor authentication code. The legitimate account is now in criminal hands, and any message sent from it appears entirely authentic to recipients.
How the Boss Scam Operates: A Step-by-Step Breakdown
Stage 1: Targeting the Executive: The operation begins with careful reconnaissance. Attackers study the target organisation's leadership, identify the CEO or a senior executive, and gather publicly available information about their communication patterns, business relationships, and company operations through LinkedIn, corporate websites, and news sources. They then contact the executive under a false regulatory identity, engineering a sense of crisis and urgency.
Stage 2: Malware Deployment:The fraudulent regulatory communication contains a ZIP file disguised as a compliance document, a security patch, or a mandatory software update. Upon execution on a Windows machine, the embedded malware installs itself and begins hijacking the WhatsApp Web session. Critically, in many documented cases, the CEO innocently forwards this regulatory message and the malicious attachment to their own finance officer or IT team, inadvertently widening the attack surface.
Stage 3: Account Takeover and Impersonation:With the CEO's legitimate WhatsApp account now under their control, cybercriminals send highly convincing messages to subordinate staff, particularly those in finance, accounts payable, or treasury functions. These messages carry the full weight of genuine executive authority correct name, profile photo, and account history making them extraordinarily difficult to distinguish from authentic communications.
Stage 4: The Financial Strike:The fraudulent instruction typically requests an urgent, confidential wire transfer to an unfamiliar account, often accompanied by requests for complete secrecy. The employee, believing the instruction to be genuine and fearing the consequences of non-compliance with a directive from their CEO, processes the transaction. By the time the fraud is discovered, the funds have been routed through multiple mule accounts, making recovery extremely difficult.
The Broader Landscape: Scale and Impact
The Boss Scam is not an isolated Indian phenomenon it represents the cutting edge of a global epidemic of executive impersonation fraud. According to the FBI's data, BEC has been the costliest category of cybercrime for several years running, with cumulative global losses that officials have described as exceeding USD 50 billion over the past decade. A 2025 fraud survey found that 90 per cent of U.S. companies experienced attempted cyber-fraud in 2024, with business email compromise and impersonation scams surging by 103 per cent year-on-year. The technological sophistication of these attacks has grown in lockstep with the availability of AI tools. In early 2024, a finance worker at a multinational firm in Hong Kong was tricked into authorising a payment of USD 25 million after attending a video conference in which the CFO and other senior executives were entirely fabricated using deepfake technology. In March 2025, a similar attack unfolded in Singapore, where a finance director authorised nearly USD 499,000 after joining a Zoom call populated entirely by AI-generated deepfakes of company executives. Deepfake attacks against businesses reportedly surged by 3,000 per cent in 2023, and voice cloning fraud rose by 680 per cent the following year. In India, the Telangana Cyber Security Bureau reported over 300 complaints related to the Boss Scam variant alone within a twenty-day period in June 2025. In one prominent case, formerPrime Minister I.K. Gujral's son, Naresh Gujral, reportedly lost approximately Rs 7.8 crorethrough a messaging-app impersonation scheme targeting his company's Chief Financial Officer.
Warning Signs Every Employee Must Recognise
Identifying a Boss Scam attempt requires situational awareness and healthy scepticism. The following red flags should prompt immediate caution:
● Any request for urgent or secret financial transfers received via WhatsApp or email, without prior discussion or formal documentation.
● Instructions to bypass standard approval procedures or to maintain secrecy from colleagues or senior management.
● Compressed files (.zip, .rar) or executable attachments received from any source, including apparently known contacts, claiming to be compliance documents or regulatory updates.
● Messages from executives at unusual hours, particularly those emphasising that a transaction must be completed immediately.
● Claims that a request comes from a government regulator, such as the RBI, delivered through informal channels like WhatsApp.
● Any communication that creates extreme urgency, invokes authority, and simultaneously demands confidentiality the classic triangle of social engineering manipulation. Protective Measures: Defending Against the Boss Scam
For Employees and Finance Teams
The I4C advisory and global cybersecurity authorities recommend several concrete steps that employees can take. The most important is to independently verify any urgent financial instruction through a direct voice call or in-person confirmation before taking action, regardless of how convincing the digital message appears. No financial transaction of significance should be authorised on the basis of a WhatsApp message or email alone.
For Organisations and Leadership
Organisations must implement multi-layered verification protocols for all wire transfers above a defined threshold, making dual authorisation and out-of-band verification mandatory. IT teams should deploy updated malware detection tools, enforce software restriction policies that block unauthorised executable files, and regularly audit devices for signs of compromise. WhatsApp linked devices should be reviewed periodically. Leadership must also commit to regular, mandatory cybersecurity awareness training for all staff, with particular attention to social engineering tactics. The I4C has also emphasised that legitimate regulatory bodies including the RBI , do not distribute software, compliance tools, or security patches via WhatsApp or email attachments. Any such communication must be treated as a potential attack vector and reported immediately.
Conclusion
The Boss Scam exploits organisational trust and human psychology rather than technical vulnerabilities and with deepfake technology now capable of replicating familiar voices and faces, traditional verification instincts are no longer reliable. The strongest defence is a culture of verification without embarrassment, where questioning an unusual instruction is seen as diligence, not insubordination. Awareness, clear protocols, and scepticism towards urgency remain our most powerful tools. If you've encountered such a scam, contact India's National Cybercrime Helpline at 1930 or report at cybercrime.gov.in.
References
- https://www.cybercrime.gov.in
- https://www.business-standard.com/india-news/boss-scam-ceo-impersonation-fraudgovt- advisory-i4c-126062300353_1.html
- https://www.indiatvnews.com/news/india/boss-scam-all-about-the-new-cyber-fraudtargeting- corporates-and-precautions-listed-by-mha-2026-06-23-1045827
- https://www.freepressjournal.in/business/boss-scam-on-whatsapp-new-ceo-fraudbypasses- traditional-cybersecurity-checks
- https://hyderabadmail.com/tgcsb-warns-boss-scam-ceo-impersonation-fraud-malwarealert/
- https://www.newkerala.com/news/a/rising-boss-scam-threat-targets-senior-executiveswarns- 242.html
- https://www.ic3.gov
- https://www.mcafee.com/learn/is-that-really-your-boss/
- https://abnormal.ai/glossary/ceo-fraud
- https://www.brside.com/blog/deepfake-ceo-fraud-50m-voice-cloning-threat-cfos
- https://www.eftsure.com/blog/cyber-crime/these-7-deepfake-ceo-scams-prove-that-nobusiness- is-safe/
- https://www.knowbe4.com/ceo-fraud
- https://trustpair.com/blog/ceo-fraud-how-to-protect-your-organization-from-fraudsters/
- https://hacked.com/services/executive-impersonation-and-ceo-fraud-protecting-high-networth- individuals/
- https://www.certifid.com/article/ceo-fraud