Executive Email-to-WhatsApp Escalation Scam — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 29, 2026

Severity: HIGH | View Full Scam Details

Beware in 2026: Executive Email-to-WhatsApp Escalation Scam Targeting Indian Businesses

A growing number of Indian employees are being tricked by scammers who start with fake emails from company executives and then push conversations to WhatsApp to steal money via UPI and other digital payments.

What Is the Executive Email-to-WhatsApp Escalation Scam?

The Executive Email-to-WhatsApp Escalation Scam is a sophisticated cyber fraud targeting employees in Indian companies, especially those handling payments or vendor relations. Scammers impersonate high-ranking executives like CEOs or Managing Directors by sending phishing emails designed to look convincingly legitimate. These emails often use familiar business language and company-specific jargon to build trust and authority.

According to public complaints reported to CERT-In and the I4C (Indian Cyber Crime Coordination Centre), this scam has become more frequent in 2023-24, affecting IT firms, manufacturing units, and even government contractors. The goal is to manipulate employees into shifting official communications from email to WhatsApp, where fraudsters apply pressure and secrecy tactics to request urgent UPI payments or fund transfers. RBI and CERT-In advisories warn employees to be wary of any unexpected financial requests from senior leaders through informal channels.

How This Scam Works — Step by Step

1. Research and Reconnaissance: Scammers gather detailed information about the company structure and key executives using LinkedIn and other social media, identifying whom to impersonate.

2. Phishing Email: An employee receives an email appearing to come from a top-level executive’s official email address or a similar-looking fake ID. The email uses company-specific terms and seems urgent but professional.

3. Request to Switch to WhatsApp: The email asks the employee to continue the conversation on WhatsApp for “quick updates” or “confidential instructions,” making it harder for security teams to monitor.

4. WhatsApp Messaging: On WhatsApp, the scammer intensifies urgency, sometimes adding fake colleagues or “assistants” to pressure the employee to act fast without verification.

5. Payment Demand: The scammer demands immediate transfer of funds via UPI or bank transfer, citing fake invoices, vendor payments, or emergency business expenses.

6. Use of Psychological Pressure: They threaten consequences like missing business deadlines or losing deals if instructions aren’t followed immediately.

7. Money Transfer and Disappearance: Once the victim sends money to masked UPI IDs or bank accounts, the fraudsters abruptly cut off communication and vanish.

Real Warning Signs to Watch For

• Unexpected emails from executives requesting financial transactions.
• Sudden insistence to move business communication from secure email to WhatsApp or personal messaging apps.
• Urgent demands for payments without prior notice or formal approval.
• Requests for secrecy about the transaction or threats about negative business impact.
• Use of slightly altered email addresses or phone numbers that look like official ones.
• Unusual language or phrasing inconsistent with how actual company leadership communicates.
• Receiving payment requests to unfamiliar UPI IDs or bank accounts not previously used by vendors.

What Happens to Victims

Victims often suffer significant financial loss, sometimes amounting to lakhs of rupees transferred via UPI or NEFT to fraudsters’ accounts. Since UPI payments are instant and largely irreversible, RBI’s limited scope for transaction reversal adds to the challenge. Employees may also face the stress of explaining the loss to their management and could be reprimanded for failing internal controls.

There's also potential misuse of Aadhaar or SIM swapping if fraudsters gain further access, magnifying risk beyond direct financial theft. The scam can erode employee trust and damage company reputations when fraud incidents become public knowledge.

What RBI and CERT-In Say

RBI has issued warnings emphasizing that no genuine executive will request fund transfers through informal channels like WhatsApp. Their official advisories highlight the importance of following standard verification protocols, such as calling the executive through official phone numbers before initiating transactions.

CERT-In and the I4C cybercrime cell urge employees and companies to strengthen email security, avoid sharing sensitive information on personal messaging apps, and report any suspicious communication immediately. The national cybercrime helpline 1930 is a key resource for victims to lodge complaints swiftly.

How to Protect Yourself

1. Verify via Official Channels: If you receive payment requests from executives via email or WhatsApp, always confirm by calling their verified office number.

2. Keep Payment Approvals Formal: Ensure all fund transfer instructions go through formal, documented channels with proper supervisor approvals.

3. Avoid Moving Communication to Personal Apps: Never switch official, financial conversations from corporate email to WhatsApp or similar platforms.

4. Look Closely at Email Addresses: Carefully check sender email addresses for subtle differences or misspellings signaling phishing.

5. Do Not Share OTP or UPI PIN: Legitimate executives or banks will never ask for your banking OTP or UPI PIN.

6. Train Employees Regularly: Conduct company-wide phishing simulation and fraud awareness sessions to keep everyone alert.

7. Use Multi-Factor Authentication: Enable MFA for company emails and payment systems to reduce risks from compromised accounts.

What to Do If You’ve Been Targeted

• Immediately notify your company’s IT and finance departments about the suspicious communication or payment.
• Contact your bank without delay to attempt blocking or freezing the transaction, although UPI reversals are difficult once settled.
• File a complaint at cybercrime.gov.in and call the 1930 cybercrime helpline to inform authorities about the fraud.
• Preserve all communications (emails, WhatsApp chats) as evidence to aid investigations.
• Check if your Aadhaar and mobile SIM details have been compromised and report to UIDAI and telecom providers if needed.
• Inform RBI through their banking grievance mechanisms if the fraud involves an Indian bank account or UPI transaction.

Frequently Asked Questions

Q: Can I recover money sent through UPI in this scam?
A: UPI transactions in India are nearly instantaneous and typically irreversible. You should immediately contact your bank and file a cybercrime complaint as soon as possible. Authorities may trace the funds, but successful recovery is rare.

Q: How can I be sure an email is really from my CEO and not a scam?
A: Always check the sender’s email ID carefully for subtle differences. Confirm any payment requests by calling the executive or their office directly using known phone numbers. Legitimate executives do not usually bypass formal processes or switch to WhatsApp for financial discussions.

Q: Is reporting to the 1930 helpline helpful?
A: Yes. The 1930 cybercrime helpline operated by the Government of India is the official channel to report cyber fraud. Early reporting helps law enforcement coordinate investigations and alerts other potential victims.

For any suspicious message or call claiming to be from company executives, verify immediately at BharatSecure.app and report fraud to the 1930 helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.