Spear-phishing campaign compromises executives at 150+ companies — How to Identify & Stay Safe
INDIA — By BharatSecure Threat Intelligence Team
Severity: CRITICAL
Spear Phishing Alert: 2026 Scam Targeting Indian Executives at 150+ Companies
A sophisticated spear-phishing campaign is targeting high-ranking executives in India, potentially compromising sensitive company data and finances.
What Is the Spear-Phishing Campaign That Compromised Executives at 150+ Companies?
This scam, a type of phishing attack called "spear phishing," specifically targets senior executives within Indian companies. Unlike general phishing attempts that cast a wide net, spear phishing is highly personalized. Scammers meticulously research their targets using publicly available information from professional networking sites like LinkedIn, corporate websites, news articles, and even social media. They then craft convincing emails designed to look like legitimate communications from colleagues, superiors, or trusted business partners. The goal is to trick executives into revealing confidential information, transferring funds, or installing malware. This campaign is particularly concerning as it has affected over 150 companies, including those in the financial sector where the potential for damage is significantly higher. Given the rise of digital fraud, CERT-In (Indian Computer Emergency Response Team) regularly issues advisories about phishing and similar threats.
How This Scam Works — Step by Step
The spear-phishing scam typically unfolds in a calculated sequence:
- Information Gathering: Scammers begin by gathering information about the target executive, including their name, job title, responsibilities, company structure, recent projects, and connections.
- Crafting the Deceptive Email: Using the gathered information, the scammers create a highly personalized email. This email might mention a recent company event, a shared connection, or a project the executive is working on. The email address might be spoofed to look like it's coming from a trusted source, or a legitimate, but compromised, email address could be used.
- Creating a Sense of Urgency: The email typically creates a sense of urgency or importance, prompting the executive to take immediate action without thinking critically. For example, it might claim that a critical payment needs to be processed urgently, a sensitive document needs immediate review, or a security breach requires immediate attention.
- Delivering the Payload: The email can contain several types of "payloads":
  - Malicious Link: Clicking on a malicious link might lead the victim to a fake website that looks identical to a legitimate one. This fake website might ask the executive to enter their login credentials, banking details, or other sensitive information, which is then stolen by the scammers.
  - Malicious Attachment: The email might contain a malicious attachment (e.g., a PDF, Word document, or Excel file) that, when opened, installs malware on the executive's computer or mobile phone. This malware can steal data, monitor activity, or give the scammers remote access to the executive's devices.
  - Direct Request for Funds: In some cases, the email directly requests the executive to transfer funds to a specific account. This might be framed as a request from a senior executive or a trusted partner.
- Exploitation: Once the scammers have obtained the desired information or access, they can exploit it for financial gain, such as stealing company funds, accessing sensitive data, or launching further attacks on the company's systems. They might exploit UPI payment systems, or transfer money out through a series of transactions.
Real Warning Signs to Watch For
- Unexpected or Unusual Emails: Be suspicious of emails that you weren't expecting, especially if they ask for sensitive information.
- Sense of Urgency: Emails that create a strong sense of urgency, pressuring you to act immediately, are often red flags.
- Poor Grammar and Spelling: While sophisticated scammers are getting better, many phishing emails still contain grammatical errors or spelling mistakes.
- Mismatched Email Addresses: Carefully check the sender's email address. Does it match the supposed sender's domain? Look for subtle variations or typos.
- Requests for Sensitive Information: Be wary of any email that asks you to provide sensitive information, such as passwords, bank account details, or Aadhaar numbers. Legitimate organizations rarely request such information via email.
- Unusual Attachments: Avoid opening attachments from unknown senders or attachments with unusual file extensions (e.g., .exe, .zip) from known senders unless you are absolutely sure they are safe.
- Suspicious Links: Hover over links before clicking on them to see where they lead. Be cautious of links that redirect to unfamiliar websites or use shortened URLs.
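The sender, urgency, attachment and link checks from the list above can also be applied automatically when a message is triaged. The following is an added example, not BharatSecure code; the trusted domain `corp.example`, the shortener list, the urgency keywords, the 0.85 similarity threshold and the sample message are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example: tune them to your own organisation.
TRUSTED = {"corp.example"}
SHORTENERS = {"bit.ly", "tinyurl.com", "short.example"}
RISKY_EXT = (".exe", ".zip")
URGENCY = re.compile(r"\b(urgent|immediately|right away)\b", re.I)
URL_HOST = re.compile(r"https?://([^/\s:]+)", re.I)

def warning_signs(raw):
    msg, found, text = message_from_string(raw), [], ""
    # Domain part of the From and Reply-To addresses ("" when absent).
    sender, reply = (parseaddr(msg[h] or "")[1].rpartition("@")[2].lower()
                     for h in ("From", "Reply-To"))
    if sender not in TRUSTED:
        near = any(SequenceMatcher(None, sender, t).ratio() >= 0.85 for t in TRUSTED)
        found.append("lookalike-sender-domain" if near else "external-sender")
    if reply and reply != sender:
        found.append("reply-to-mismatch")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            found.append("risky-attachment")
        elif part.get_content_type() == "text/plain" and not name:
            text += part.get_payload(decode=True).decode("utf-8", "replace")
    if URGENCY.search(f'{msg["Subject"] or ""} {text}'):
        found.append("urgency")
    if any(h.lower() in SHORTENERS for h in URL_HOST.findall(text)):
        found.append("shortened-url")
    return found

# Constructed sample message, not taken from a real campaign.
SAMPLE = '''From: "Finance Director" <director@c0rp.example>
Reply-To: director.office@freemail.example
Subject: Urgent: vendor payment pending
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please process this immediately: https://short.example/abc
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"

--b1--
'''
```

A message that triggers several of these signs at once should be verified with the supposed sender over a separate channel before anyone acts on it.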
What Happens to Victims
The consequences of falling victim to a spear-phishing attack can be severe. Executives might accidentally compromise their company's sensitive financial data, leading to substantial financial losses. Victims may also have their personal information stolen, leading to identity theft and financial fraud. Imagine an attacker gaining access to an executive’s email and then using that access to request a SIM swap, which provides access to all OTPs sent to that number, including banking OTPs.
Emotionally, victims may experience shame, embarrassment, and anxiety due to the breach of trust and potential damage to their professional reputation. In some cases, compromised Aadhaar information can lead to long-term privacy issues and financial repercussions. The misuse of UPI credentials can result in immediate fund loss.
What RBI and CERT-In Say
Both the Reserve Bank of India (RBI) and CERT-In frequently issue public advisories about phishing scams and other cyber threats. They emphasize the importance of verifying the authenticity of emails and being cautious when clicking on links or opening attachments from unknown sources. RBI has guidelines on secure digital banking practices, advising users to avoid sharing sensitive financial information online. CERT-In issues specific alerts on identified phishing campaigns and provides guidance on mitigating risks. The Cybercrime.gov.in portal has resources that highlight trending attack vectors in India.
How to Protect Yourself
- Verify Email Senders: Always verify the sender's identity by contacting them directly through a trusted channel, such as a phone call or a secure messaging app.
- Enable Multi-Factor Authentication (MFA): Use MFA on all your critical accounts, including email, banking, and social media accounts.
- Be Suspicious of Links and Attachments: Avoid clicking on links or opening attachments in emails from unknown senders. Even if you know the sender, be cautious and verify the link or attachment before clicking it.
- Educate Yourself and Your Team: Stay informed about the latest phishing techniques and train your team to recognize and avoid these scams. BharatSecure.app is a great resource to stay updated.
- Use Strong Passwords: Use strong, unique passwords for all your online accounts, and use a password manager to store them securely.
- Keep Your Software Up to Date: Regularly update your operating system, web browser, and antivirus software to protect against known vulnerabilities.
- Implement Email Security Measures: Use email filtering and anti-spam solutions to block phishing emails from reaching your inbox.
What to Do If You've Been Targeted
If you suspect you've been targeted by a spear-phishing scam:
- Change Your Passwords Immediately: Change the passwords for all your critical accounts, including email, banking, and social media.
- Report the Incident: Report the incident to your company's IT department or security team, as well as to the authorities. File a complaint on cybercrime.gov.in.
- Monitor Your Accounts: Carefully monitor your bank accounts, credit cards, and other financial accounts for any unauthorized activity.
- Contact Your Bank: If you've shared your banking details or transferred funds, contact your bank immediately to freeze your account and report the fraud.
- Contact the Cybercrime Helpline: Call the national cybercrime helpline at 1930 to report the incident and seek assistance.
- Inform Affected Parties: If you think your contacts may have been affected, notify them so they can also take precautionary steps.
Frequently Asked Questions
Q: What makes spear phishing different from regular phishing?
A: Regular phishing is like sending out a general email to thousands of people hoping someone will fall for it. Spear phishing is much more targeted and personalized, focusing on specific individuals or groups within an organization. Scammers do their research, tailoring the email to make it highly convincing.
Q: I received an email that looks very legitimate. How can I be sure it's not a scam?
A: Always verify the sender's identity by contacting them through a separate, trusted channel like a phone call. Be wary of any email that creates a sense of urgency or asks for sensitive information. Hover over links to see where they lead before clicking, and be suspicious of any attachments.
Q: If my company is targeted, what is the long-term damage it can cause?
A: A successful spear-phishing attack can lead to significant financial losses, data breaches, and reputational damage. It can also disrupt business operations and erode customer trust. The long-term impact depends on the sensitivity of the data compromised and how quickly the company responds to the attack.