CEO WhatsApp Impersonation Scam Strikes Indian Firms — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 29, 2026

Severity: CRITICAL | View Full Scam Details

CEO WhatsApp Impersonation Scam in India 2026: A Growing Threat to Businesses Using UPI and Digital Payments

In 2026, Indian firms remain prime targets of a critical CEO WhatsApp impersonation scam that leverages UPI payments and phishing tactics to defraud employees and businesses.

What Is the CEO WhatsApp Impersonation Scam Strikes Indian Firms?

The CEO WhatsApp impersonation scam is a form of social engineering fraud where scammers pose as company executives — often the CEO or CFO — by hacking or spoofing their WhatsApp accounts. These fraudsters then instruct employees, especially those in the finance or accounts departments, to urgently transfer money via UPI or make other financial transactions. The scam usually targets medium to large Indian companies where WhatsApp is a common communication channel and digital payments are routine.

This scam has seen a rise in reported cases across India, with fraudsters exploiting the trust employees have in official WhatsApp messages. It has been flagged as a critical risk by Indian cybersecurity watchdogs including CERT-In and the government’s Indian Cyber Crime Coordination Centre (I4C). The scam has financial severity scoring as high as 9 out of 10, given how quickly and easily companies lose lakhs or even crores of rupees. RBI has reminded companies to follow stringent transaction verification due to these emerging digital fraud threats.

How This Scam Works — Step by Step

1. Initial Contact: The fraudster either hacks the CEO’s WhatsApp or creates a very similar fake account or number. Using this account, they send a WhatsApp message or call key employees, typically in accounts or finance, posing as the CEO.

2. Urgent Request: The message often stresses urgent confidentiality, asking the employee to process an immediate payment — sometimes citing a vendor payment, a confidential investment deal, or a bailout.

3. Verification Avoidance: The fraudster insists that the employee must not discuss the transaction over email or telephone with others, warning that the matter is sensitive. This discourages the victim from verifying through official company channels.

4. UPI or Bank Transfer: The employee is asked to transfer money immediately using UPI apps (like PhonePe, Google Pay, or BHIM) or make an RTGS/NEFT transfer to a provided account. The UPI ID or bank account often mimics company vendors or looks official.

5. Money Laundering: Once the payment is sent, the fraudster quickly withdraws funds or moves them through a chain of accounts to prevent tracing.

6. Detection and Damage: By the time the company realizes the scam, it is often too late to reverse the transactions due to UPI’s “finality of payment” rule.

Real Warning Signs to Watch For

• The message or call requests urgent money transfer with high secrecy.
• The WhatsApp account is new, has few contacts, or subtle inconsistencies in the profile picture or status.
• The request avoids normal company communication channels (official email or landline).
• Inconsistent or unusual payment instructions, like new UPI IDs or bank accounts not on vendor lists.
• Pressure to bypass multi-level approval or verification steps.
• Poor grammar or minor spelling errors in the WhatsApp message uncommon for a company executive.
• Employee asked not to discuss the request with colleagues or finance heads.

What Happens to Victims

Victims of this scam can suffer heavy financial losses amounting to lakhs or crores of rupees transferred to fraudulent accounts. Due to the immediate and final nature of UPI payments, reversal or refund is often impossible, leaving firms at significant risk. Apart from financial damage, affected employees and companies suffer reputational harm and increased internal stress.

Victims sometimes face challenges from Aadhaar-linked transactions or SIM swapping attacks used by scammers to gain access to corporate WhatsApp accounts. This can lead to extended investigations and operational disruptions, as well as legal hassles when reporting the loss and coordinating with banks.

What RBI and CERT-In Say

RBI’s cybersecurity framework and CERT-In advisories highlight the need for verification before any financial transaction, especially those initiated via instant messaging platforms like WhatsApp. RBI reminds firms to enforce robust multi-factor authentication and transaction controls.

CERT-In has emphasized raising awareness around CEO fraud and recommended companies train their staff to verify requests through independent communication channels. The 1930 cybercrime helpline run by Indian authorities supports victims in reporting such frauds and initiating recovery procedures.

I4C also monitors such scams and encourages reporting suspicious WhatsApp messages and suspicious transactions promptly to cybercrime.gov.in.

How to Protect Yourself

1. Always verify any payment or fund transfer request verbally with the supposed sender using an official phone number or face-to-face confirmation.
2. Do not rely solely on WhatsApp messages or calls for financial instructions.
3. Double-check UPI IDs or bank accounts against known vendors or payment beneficiaries.
4. Enable multi-level authorization for all large or urgent fund transfers.
5. Keep senior management aware of phishing trends and update cybersecurity training regularly.
6. Use WhatsApp Business features that allow verified profiles to distinguish official accounts.
7. Monitor your company’s WhatsApp and UPI transaction records closely for suspicious activity.

What to Do If You’ve Been Targeted

1. Immediately contact your bank to block or freeze any recent suspicious transactions.
2. Report the incident to your corporate IT and cybersecurity team.
3. File a complaint with the nearest police cybercrime cell and provide all WhatsApp chat records.
4. Report the fraud on cybercrime.gov.in, India’s official cybercrime reporting portal.
5. Call the 1930 cybercrime helpline for assistance in tracking and responding to such scams.
6. Inform RBI through its helpline if funds have been transferred via bank or UPI channels.
7. Change all related passwords and enable two-factor authentication on your WhatsApp and digital payment apps.

Frequently Asked Questions

Q: Can UPI payments made under this scam be reversed?
A: Generally, UPI payments are final and cannot be reversed by banks. However, immediate reporting to the bank and cybercrime authorities can sometimes help track or freeze the fraudulent accounts before funds are withdrawn.

Q: How do scammers spoof WhatsApp profiles of CEOs?
A: Scammers may hack the actual WhatsApp account or create very similar fake profiles using the CEO’s photo and details. They exploit employees’ trust to make fraudulent requests via these accounts.

Q: What should employees do if they receive an unusual payment request on WhatsApp?
A: Employees should not act on the message directly. Instead, they must verify the request through a separate communication channel like a phone call on the official number or an in-person check with the concerned executive.

Stay vigilant about suspicious payment requests on WhatsApp, especially those claiming to be from company leaders. Verify before you pay! For help verifying messages or reporting fraud, visit BharatSecure.app or call the 1930 cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.