Spoofed-Number CEO WhatsApp Impersonation — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 28, 2026

Severity: HIGH | View Full Scam Details

Spoofed-Number CEO WhatsApp Impersonation Scam in India 2026: Protect Your UPI Payments and Data

A rising cybercrime threat in India involves fraudsters impersonating company CEOs on WhatsApp using spoofed phone numbers to trick employees into making fraudulent payments via UPI.

What Is the Spoofed-Number CEO WhatsApp Impersonation?

The Spoofed-Number CEO WhatsApp Impersonation scam is a serious cyber fraud targeting employees within Indian companies, especially those with financial transaction authority. In this scam, fraudsters create WhatsApp profiles that appear to belong to a company’s CEO or a senior executive by using spoofed phone numbers resembling official contacts. They often use the real CEO’s name and photo, obtained through public sources such as LinkedIn or company websites to appear authentic.

This scam primarily targets accounting, finance, or procurement teams who handle payments via UPI or bank transfers. The fraudsters use these impersonations to send urgent or confidential payment requests, often outside regular business hours. The scam is gaining attention from Indian cybercrime authorities such as CERT-In and the Indian Cyber Crime Coordination Centre (I4C), who have issued general alerts about CEO frauds impersonating executives on digital platforms like WhatsApp.

Several reported cases in India have shown financial losses running into lakhs of INR, increased due to employees responding hastily to messages they believe are genuine. The scam is considered high severity because it exploits trust in everyday tools like WhatsApp and the growing use of UPI payments.

How This Scam Works — Step by Step

1. Research and Spoofing: The scammer collects details about the target company’s CEO, including their WhatsApp profile picture and name, using public platforms. They then create a fake WhatsApp account with a phone number very similar to the CEO’s official number, often changing just one or two digits.

2. Initial Contact: After business hours or during holidays—when employees may be less cautious—the scammer sends a message to an employee who is authorized to make payments. The message conveys urgency, for example, “Please process this urgent payment immediately.”

3. Psychological Pressure: The impersonator emphasizes secrecy or urgency, warning that the matter is confidential or time-sensitive. This tactic pushes the employee to act quickly without verifying the request.

4. UPI Payment Request: The scammer provides a UPI ID or bank account number (often masked as us**@bank or XXXX1234) for transfer. They claim it is for a vendor or crucial business expense.

5. Transaction and Cover-Up: Once payment is made, scammers either delete the chat or block the victim, preventing follow-up. They move funds quickly to hide their tracks.

6. Victim Realization: Employees discover the fraud hours or days later, often when reconciliation of accounts or vendor follow-up fails.

Real Warning Signs to Watch For

• WhatsApp contact number differs by one or two digits from the CEO’s known official number.
• Payment requests made unusually late in the day, on weekends, or holidays.
• Messages create a sense of urgency, pressuring for immediate action.
• Instructions that emphasize secrecy or ask not to disclose the payment to anyone.
• UPI IDs or bank details that do not match known vendors.
• Communication style or language inconsistent with the actual CEO’s manner.
• Lack of follow-up by phone call or through official company channels after the request.

What Happens to Victims

Victims of this scam face serious financial damage. Unlike traditional bank frauds, UPI payments are instantaneous and typically irreversible once funds transfer completes, creating significant challenges for recovery. The victim company loses funds directly, which may run into several lakhs of rupees depending on the transaction size.

Emotionally, employees feel anxiety and guilt for falling victim to the impersonation, especially when internal trust is eroded within the organization. Sometimes, such fraud also involves misuse of Aadhaar-linked SIM cards for spoofing, leading to identity risks and complications with telecom providers.

Victims may also experience delays in inward vendor payments, impacting business operations. The India government’s 1930 cybercrime helpline and CERT-In have reported increasing complaints related to these CEO spoofing scams, emphasizing their growing frequency.

What RBI and CERT-In Say

Both the Reserve Bank of India (RBI) and CERT-In issue warnings about increasing fraud risks with UPI and messaging platforms like WhatsApp. The RBI has reminded users to verify any unusual payment requests through trusted channels and avoid confirming transactions through chat apps alone.

CERT-In advises caution against sharing sensitive details on WhatsApp and recommends immediate reporting of suspected financial fraud to cybercrime police and the 1930 helpline. The Indian Cyber Crime Coordination Centre (I4C) reinforces vigilance about spoofed numbers and provides resources for organizations to educate staff.

The 1930 national cybercrime helpline, run by the Ministry of Home Affairs, is the key government resource for reporting such scams. RBI’s customer care also includes reporting mechanisms for fraud-related complaints.

How to Protect Yourself

1. Verify phone numbers: Always confirm the CEO’s or senior executive’s WhatsApp contact through official means before acting on any payment request.
2. Use multiple channels: For urgent requests, verify via a phone call or official email addresses, not just messaging apps.
3. Watch UPI details: Cross-check UPI IDs or account numbers carefully—do not rely solely on what is sent through WhatsApp conversations.
4. Beware of urgency: Never make payments under undue pressure or secrecy, even if the message claims confidentiality.
5. Enable WhatsApp two-step verification: This reduces the risk of WhatsApp accounts being hacked or cloned.
6. Educate employees: Organizations should regularly train staff on spotting such impersonation scams and having clear payment authorization protocols.
7. Monitor your accounts: Check bank and UPI transaction alerts promptly and report any unauthorized payment without delay.

What to Do If You've Been Targeted

• Immediately block the suspicious WhatsApp contact.
• Report the incident to your company’s cybersecurity or IT team.
• Inform your bank or UPI provider about the unauthorized transaction to explore possible recovery options.
• File a cybercrime complaint on the official portal at cybercrime.gov.in.
• Call the 1930 cybercrime helpline for guidance and official assistance.
• Keep all communication records and screenshots for investigation.
• Consider changing your SIM or filing a grievance with your telecom operator if you suspect number spoofing involving your mobile.

Frequently Asked Questions

Q: Can UPI payments be reversed if sent to a spoofed number?
A: Generally, UPI payments are instant and final. While the bank may try to help in cases of fraud, reversal is not guaranteed. Reporting the fraud quickly improves chances of intervention.

Q: How can I check if a WhatsApp number is spoofed?
A: Look for subtle differences in the phone number digits and confirm through official contacts. Also, verify unusual payment requests through phone or email before transferring money.

Q: What makes this scam different from other WhatsApp frauds?
A: This scam uses fake CEO profiles with a number closely mimicking the real executive’s, increasing trust and pressure on employees to act without proper checks.

Always verify suspicious messages with BharatSecure.app and report fraud early through the 1930 helpline to protect yourself and your organization.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.