CEO Deepfake BEC SWIFT Scam — How to Identify & Stay Safe
INDIA — By BharatSecure Threat Intelligence Team
Severity: CRITICAL
CEO Deepfake WhatsApp Scam: How Crooks Are Using AI to Steal Your Company's Money in India (2026)
The CEO Deepfake BEC SWIFT scam is a sophisticated fraud targeting Indian businesses, using fake CEO identities generated by AI to trick employees into making unauthorized money transfers.
What Is the CEO Deepfake BEC SWIFT Scam?
This scam is a particularly dangerous evolution of Business Email Compromise (BEC) fraud. It combines deepfake technology with social engineering to impersonate a company's CEO or other senior executive, typically targeting employees in the finance or accounting departments. Instead of just relying on written emails as in a typical BEC attack, this scam often uses WhatsApp messages and even AI-generated audio or video calls to create a highly convincing illusion. The goal is to manipulate employees into transferring large sums of money, often using SWIFT (Society for Worldwide Interbank Financial Telecommunication) for international transactions or UPI for domestic transfers.
This type of fraud is increasingly prevalent in India, as fraudsters take advantage of readily available AI tools and the growing reliance on digital communication channels. Indian companies, particularly those with international operations, are at high risk. While there aren’t specific advisories mentioning "CEO Deepfake," regulatory bodies like the Reserve Bank of India (RBI) and CERT-In (the Indian Computer Emergency Response Team) regularly issue warnings about online fraud including BEC attacks and the importance of vigilance in financial transactions. The Indian Cyber Crime Coordination Centre (I4C) also plays a key role in coordinating efforts to combat cybercrime across the country.
How This Scam Works — Step by Step
Here's a breakdown of how the CEO Deepfake BEC SWIFT scam unfolds:
1. Reconnaissance: The fraudsters conduct thorough research on the targeted company. This includes gathering information from the company's website, social media platforms like LinkedIn (looking at employee profiles and organizational structure), and public records. They identify key individuals – often the CEO, CFO, and employees in the finance department.
2. Impersonation: The scammer creates a fake online persona, often using WhatsApp as the primary communication channel. They might use a profile picture stolen from the CEO's online presence or create a similar-looking profile. Increasingly, AI technology is used to create deepfake audio or video of the CEO, mimicking their voice and mannerisms.
3. Initial Contact: The fraudster (masquerading as the CEO) contacts an employee in the finance department via WhatsApp. The initial message is often seemingly innocent, perhaps asking if the employee is available for an urgent task. This establishes contact and sets the stage for further manipulation.
4. Urgent Request: Once the employee responds, the "CEO" presents an urgent and confidential request. This often involves a time-sensitive financial transaction, such as a payment to a new supplier or an urgent invoice that needs immediate attention. They might claim they are in a meeting or traveling and unable to handle it themselves.
5. Manipulation and Pressure: The "CEO" uses persuasive language and pressure tactics to convince the employee to expedite the transfer. They might emphasize the importance of secrecy, the potential consequences of delay, or even hint at the employee's career prospects. If it is an audio or video call, the deepfake strengthens the illusion of authenticity.
6. Money Transfer: The employee, believing they are acting on the CEO's instructions, initiates the money transfer. This could involve a SWIFT transfer for international payments or a UPI transfer for domestic transactions. The fraudulent account often belongs to a shell company controlled by the scammers.
7. Discovery and Damage: By the time the company realizes it has been scammed, the money is often gone. Tracking and recovering funds transferred via SWIFT or UPI can be extremely difficult, especially if the funds have been moved to overseas accounts.
Real Warning Signs to Watch For
Here are key red flags that should raise suspicion:
- Unexpected WhatsApp Contact: Be extremely wary of urgent requests coming through WhatsApp, especially if the CEO typically communicates through official channels like email or in-person meetings.
- Unusual Language or Tone: Pay attention to the language style. Does it match the CEO's usual way of communicating? Deepfakes might be convincing, but subtle inconsistencies can exist.
- Secrecy and Urgency: Be suspicious of requests that demand absolute secrecy or emphasize extreme urgency, preventing you from following established verification procedures.
- Unfamiliar Account Details: Double-check the beneficiary account details. Any discrepancies or unfamiliar names should be a major red flag.
- Pressure to Bypass Protocol: Be wary if you are being pressured to bypass standard approval processes or internal controls.
- Poor Audio/Video Quality: While deepfakes are improving, they might still exhibit glitches, unnatural movements, or poor audio/video quality, especially on older devices. If the connection appears unstable or the video seems subtly "off," that's a warning.
- Request for OTP or Sensitive Information: Never share OTPs (One-Time Passwords), Aadhaar details, or other sensitive information over WhatsApp or any unverified channel.
What Happens to Victims
The consequences of falling victim to a CEO Deepfake BEC SWIFT scam can be devastating. Beyond the significant financial losses (often running into lakhs or crores of INR), companies can also suffer reputational damage. Employees who unwittingly participate in the fraud can face disciplinary action or even legal repercussions. The emotional impact can be significant, leading to stress, anxiety, and a loss of trust within the organization. In some cases, fraudsters may use stolen identity information (obtained through successful scams) for further fraudulent activities like opening fake bank accounts or obtaining loans. SIM swap scams, often linked to these types of attacks, can further compromise personal and corporate security.
What RBI and CERT-In Say
While specific advisories targeting "CEO Deepfake" attacks aren't widely publicized, the RBI and CERT-In consistently warn against online fraud, unauthorized transactions and the importance of adhering to security procedures. RBI frequently publishes guidelines on safe banking practices and encourages customers to report suspicious activity immediately. CERT-In issues alerts about phishing attacks, malware, and other cyber threats that can be used to facilitate these scams. The RBI also provides resources for registering complaints related to unauthorized electronic transactions. You can also file complaints related to cyber security breaches at cybercrime.gov.in, the Indian government's cybercrime reporting portal.
How to Protect Yourself
- Verify Requests: Always verify any financial request, especially those coming through WhatsApp or other unofficial channels. Call the CEO directly (using a known, trusted number) to confirm the request before taking any action.
- Implement Multi-Factor Authentication (MFA): Enforce MFA for all critical systems and accounts, especially those related to financial transactions. This adds an extra layer of security, making it harder for fraudsters to gain unauthorized access.
- Establish Clear Protocols: Develop and enforce strict internal protocols for financial transactions. These protocols should include mandatory verification steps, dual authorization requirements, and clearly defined approval limits.
- Educate Employees: Conduct regular cybersecurity awareness training for all employees, focusing on the latest fraud techniques and red flags. Emphasize the importance of vigilance and encourage employees to report any suspicious activity.
- Secure Communication Channels: Limit sensitive discussions and financial approvals to secure communication channels. Avoid discussing confidential information over WhatsApp or other unencrypted messaging platforms.
- Implement Anti-Fraud Software: Deploy anti-fraud software and monitoring tools to detect suspicious activity and flag potentially fraudulent transactions.
- Regularly Review Security Measures: Review and update your security measures regularly to adapt to evolving threats. This includes patching software vulnerabilities, strengthening passwords, and improving incident response plans.
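One way to encode the verification, dual-authorization and approval-limit controls from the list above as a check that runs before any transfer is released. This is an added example, not BharatSecure code; the channel names, role limits, beneficiary IDs and employee names are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy values (assumptions, not from the article).
OFFICIAL_CHANNELS = {"erp_workflow", "corporate_email"}
APPROVAL_LIMITS_INR = {"finance_exec": 500_000, "finance_head": 5_000_000, "cfo": 50_000_000}
KNOWN_BENEFICIARIES = {"ACME-SUPPLIES-001"}  # vendor master, constructed


@dataclass
class PaymentRequest:
    requester: str
    channel: str                 # where the instruction arrived
    beneficiary_id: str
    amount_inr: int
    callback_verified: bool      # confirmed by calling a number already on file
    approvers: dict = field(default_factory=dict)  # approver name -> role


def release_blockers(req: PaymentRequest) -> list:
    """Return the reasons a transfer must be held; an empty list means release."""
    reasons = []
    if req.channel not in OFFICIAL_CHANNELS:
        reasons.append("instruction arrived on an unofficial channel")
    if not req.callback_verified:
        reasons.append("no call-back to a known, trusted number")
    if req.beneficiary_id not in KNOWN_BENEFICIARIES:
        reasons.append("beneficiary not in vendor master")
    # Dual authorization: two distinct approvers, neither of them the requester.
    independent = {n: r for n, r in req.approvers.items() if n != req.requester}
    if len(independent) < 2:
        reasons.append("fewer than two independent approvers")
    # Approval limit: at least one independent approver must cover the amount.
    if not any(APPROVAL_LIMITS_INR.get(r, 0) >= req.amount_inr for r in independent.values()):
        reasons.append("amount exceeds every approver's limit")
    return reasons


# Constructed samples: the scenario from the article, and a routine payment.
scam = PaymentRequest("asha", "whatsapp", "NEW-SHELL-CO", 7_500_000, False,
                      {"asha": "finance_exec"})
routine = PaymentRequest("asha", "erp_workflow", "ACME-SUPPLIES-001", 400_000, True,
                         {"ravi": "finance_head", "meera": "finance_exec"})

if __name__ == "__main__":
    for name, req in (("scam", scam), ("routine", routine)):
        print(name, release_blockers(req) or "RELEASE")
```

Because the check returns every failed control rather than stopping at the first, the hold notice tells the finance team exactly which verification steps are still outstanding.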
What to Do If You've Been Targeted
If you suspect you've been targeted by a CEO Deepfake BEC SWIFT scam:
- Immediately Report: Report the incident immediately to your company's IT security department and senior management.
- Contact the Bank: Contact your bank immediately and inform them of the situation. Ask them to freeze the fraudulent transaction, if possible, and provide information on how to recover the funds.
- File a Cybercrime Complaint: File a complaint with the cybercrime cell of your local police and on the national cybercrime reporting portal (cybercrime.gov.in). Provide all relevant details, including screenshots of the fraudulent communications and transaction records.
- Call the Cybercrime Helpline: Call the national cybercrime helpline at 1930. This helpline can provide immediate assistance and guidance on how to proceed.
- Preserve Evidence: Preserve all evidence, including WhatsApp messages, emails, transaction records, and any other relevant documentation. This evidence will be crucial for the investigation.
- Review Security Protocols: Review and strengthen your company's security protocols to prevent future incidents. This includes implementing stricter verification procedures, improving employee training, and deploying additional security measures.
Frequently Asked Questions
Q: How convincing are these deepfake videos and audio?
A: Deepfake technology has advanced significantly and can create highly realistic imitations of a person's voice and video. However, even the best deepfakes can have subtle flaws. Watch out for unnatural lip movements, inconsistent lighting, or poor audio quality. Always be skeptical, especially if the request is unusual.
Q: Can I recover the money if I fall victim to this scam?
A: Recovering funds from