Telegram Director Overseas Deal Deepfake Scam — How to Identify & Stay Safe
INDIA — By BharatSecure Threat Intelligence Team
Severity: HIGH
Telegram Director Deepfake Scam: How to Protect Yourself in India (2026)
The 'Telegram Director Overseas Deal Deepfake Scam' is a dangerous new fraud targeting Indian businesses, using deepfake technology to trick employees into making unauthorized transfers.
What Is the Telegram Director Overseas Deal Deepfake Scam?
This sophisticated scam is preying on Indian businesses by leveraging deepfake technology and social engineering techniques. Scammers target employees, particularly those in finance or operations roles, by impersonating high-level executives, most commonly the company director. They use publicly available information, often gleaned from platforms like LinkedIn, to understand the company's ongoing deals, transactions, and organizational structure. This allows them to create a highly credible persona, making it difficult for unsuspecting employees to detect the deception. The scam relies on the immediacy and perceived authority associated with direct communication from a superior, bypassing official channels for greater impact. Because WhatsApp and Telegram are so common for work communication in India, this scam is especially effective. While there haven't been specific advisories related to this exact scam yet, CERT-In and I4C routinely warn against social engineering attacks and the dangers of unverified online communication.
The scam operates by crafting believable scenarios – often involving time-sensitive "urgent" overseas transactions or deals that require immediate attention. By using deepfake audio or video of the director, scammers create the illusion of authenticity, convincing employees that they are indeed communicating with and receiving instructions from their superior. This deception is then used to manipulate employees into transferring funds or sharing sensitive company information. The increasing sophistication of deepfake technology, coupled with the widespread use of messaging apps like Telegram within Indian workplaces, makes this scam particularly challenging to detect, and the financial losses can be substantial.
How This Scam Works — Step by Step
Here's a breakdown of how the Telegram Director Overseas Deal Deepfake Scam typically unfolds:
1. Information Gathering: Scammers meticulously gather information about a company and its key personnel, especially directors, using platforms like LinkedIn, the company website, and press releases. They identify ongoing deals, financial transactions, and internal communication patterns.
2. Deepfake Creation: Using readily available deepfake technology, scammers create convincing audio or video impersonations of the director. This might involve splicing together existing audio clips or using AI-powered tools to generate entirely fabricated content.
3. Initial Contact: The scammer contacts an employee, often via WhatsApp or Telegram, posing as the director. They might use a newly created account with a profile picture copied from the director’s social media.
4. Building Credibility: The initial message typically involves establishing a sense of urgency and importance. For example, "I am in an important meeting regarding [company deal name] and need your urgent assistance."
5. The "Urgent" Request: The scammer will then request a financial transaction, claiming it's vital for closing the deal. They might say something like, "We need to make an immediate payment of INR [amount] to [overseas entity]. I am having trouble with my bank account right now, so can you handle it?"
6. Adding Pressure: To prevent the employee from verifying the request through official channels, the scammer will often create pressure by stating that the transaction is time-sensitive and requires utmost secrecy. They might say that the deal will be ruined if the payment is delayed or leaked.
7. Financial Loss: The employee, believing they are acting on the director's direct instructions, transfers the funds to the scammer's account (often a mule account).
8. Harvesting Data: If the employee pushes back, the scammer might ask for sensitive company data to verify their position. This data – such as revenue reports, invoices or purchase requests – could be used for identity theft or future scams.
Real Warning Signs to Watch For
- Unusual Communication Channel: The director contacts you via Telegram or WhatsApp instead of official email or company messaging platforms.
- Urgent and Secretive Requests: The request is presented as extremely urgent and requires you to keep it confidential, preventing you from verifying it through normal channels.
- Unfamiliar Transaction Details: The bank account or payment details are different from the usual vendors or partners the company works with.
- Poor Audio or Video Quality: If a video or audio call is involved, the quality is noticeably poor, potentially hiding visual or auditory inconsistencies.
- Out-of-Character Behavior: The director's communication style feels different from their usual demeanor or language.
- Demanding Immediate Action: The scammer pressures you to act quickly without giving you time to think or verify the request fully.
- Unfamiliar Language: The wording feels uncharacteristic for the company, with odd grammar or spelling mistakes.
What Happens to Victims
The victims of this scam face significant financial and emotional consequences. Indian companies can lose substantial amounts of money, potentially disrupting their operations and impacting their financial stability. Employees who fall victim to the scam may face disciplinary action, job loss, and severe emotional distress due to the guilt and shame associated with being deceived. Further, stolen funds are often nearly impossible to recover, especially if transferred overseas. In some cases, the scammers may attempt to leverage stolen Aadhaar details or other personal information to open fraudulent accounts or take out loans, causing further financial hardship and legal troubles for the victims. The misuse of UPI platforms in these scams is also a growing concern, making it crucial to verify any payment requests rigorously. Stolen company data could lead to regulatory fines or competitive disadvantage.
What RBI and CERT-In Say
While there might not be a specific advisory addressing the "Telegram Director Overseas Deal Deepfake Scam" directly, the Reserve Bank of India (RBI) frequently issues warnings about online fraud and unauthorized transactions. CERT-In routinely publishes advisories on phishing attacks, social engineering scams, and the importance of verifying digital communications. They also stress the need for robust cybersecurity practices within organizations.
It is crucial to remember that RBI's Banking Ombudsman Scheme provides a redressal mechanism for customers facing issues with their banks, including instances of fraud. The government's cybercrime.gov.in portal offers resources and reporting mechanisms for victims of cybercrime. The 1930 cybercrime helpline number is a crucial resource for reporting incidents and seeking assistance.
How to Protect Yourself
- Verify All Requests: Before acting on any financial request received via Telegram or WhatsApp, independently verify it through official channels, such as a phone call to the director or a confirmation email to their official company address.
- Double-Check Payment Details: Always confirm the bank account details with the finance department or the intended recipient before making any transfers.
- Be Skeptical of Urgent Requests: Treat any request presented as extremely urgent or requiring absolute secrecy with extreme caution.
- Educate Employees: Conduct regular cybersecurity awareness training for employees, focusing specifically on social engineering tactics and the risks of deepfake technology.
- Implement Multi-Factor Authentication: Enforce multi-factor authentication for all critical systems and financial transactions to add an extra layer of security.
- Use Strong Passwords: Always use unique, strong passwords for company accounts.
- Report Suspicious Activity: Immediately report any suspicious communication or activity to your IT department and the cybercrime authorities.
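The first three checks in this list can be enforced as a hold rule in the payment approval workflow rather than left to individual judgement. The Python sketch below is an added example, not BharatSecure's code; the channel names, phrase patterns, vendor master structure and sample requests are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Assumed policy values for this sketch; each organisation defines its own.
OFFICIAL_CHANNELS = {"corporate_email", "erp_workflow"}
PRESSURE_PATTERNS = [r"\burgent(ly)?\b", r"\bimmediate(ly)?\b", r"\bright now\b",
                     r"\bconfidential\b", r"\bsecre(t|cy)\b"]

@dataclass
class PaymentRequest:
    channel: str   # where the instruction arrived
    message: str   # text of the instruction
    payee: str
    account: str   # beneficiary account quoted in the request
    # True only after a call to the requester's number from the company
    # directory, never a number supplied in the message itself.
    callback_verified: bool = False

def review(req, vendor_master):
    """Return (decision, reasons); vendor_master maps payee -> account on record."""
    reasons = []
    if req.channel not in OFFICIAL_CHANNELS:
        reasons.append(f"instruction arrived on unofficial channel: {req.channel}")
    hits = [p for p in PRESSURE_PATTERNS if re.search(p, req.message, re.I)]
    if hits:
        reasons.append(f"urgency or secrecy language ({len(hits)} pattern(s))")
    on_record = vendor_master.get(req.payee)
    account_issue = on_record != req.account   # unknown payee or changed account
    if on_record is None:
        reasons.append("payee is not in the vendor master")
    elif account_issue:
        reasons.append("account differs from the one on record for this payee")
    if not reasons:
        return "RELEASE", reasons
    # A callback clears channel and pressure flags, but never an unknown or
    # changed beneficiary account; that stays on hold for finance to resolve.
    if req.callback_verified and not account_issue:
        return "RELEASE_AFTER_CALLBACK", reasons
    return "HOLD", reasons

# Constructed sample data, not taken from a real incident.
VENDORS = {"Acme Logistics": "IN-0001-2233"}
scam = PaymentRequest("telegram", "Need an immediate payment, keep it confidential.",
                      "Globex Holdings Ltd", "XX-9999-0000")
routine = PaymentRequest("erp_workflow", "Invoice 1042 for March freight.",
                         "Acme Logistics", "IN-0001-2233")

print(review(scam, VENDORS)[0], review(routine, VENDORS)[0])
```

The reasons list is worth logging with every held payment, since it gives the finance team and any later investigation a record of which warning signs were present.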
What to Do If You've Been Targeted
- Report Immediately: Report the incident to the National Cyber Crime Reporting Portal (cybercrime.gov.in) and call the cybercrime helpline at 1930.
- Contact Your Bank: Notify your bank and request them to freeze your account and attempt to stop the fraudulent transaction.
- Gather Evidence: Preserve all evidence, including the scam messages, phone numbers, and transaction details.
- File a Police Complaint: File a formal complaint with your local police station.
- Notify Your Company: Inform your employer about the incident, especially if it involved company funds or sensitive information.
- Monitor Your Accounts: Keep a close watch on your bank accounts and credit reports for any signs of unauthorized activity.
Frequently Asked Questions
Q: How can I tell if a video or audio call is a deepfake? A: Deepfakes can be very convincing, but look for signs of unnatural blinking, inconsistent lighting, or distorted audio. If something feels off, trust your gut and verify the request through another channel.
Q: What if I already made the payment? Is there any chance of getting my money back? A: The chances of recovering the funds are slim, but it's essential to report the incident immediately to your bank and the cybercrime authorities. They may be able to trace the funds and potentially recover some of them. Time is of the essence in these situations.
Q: Can I be held liable if I fall victim to this scam? A: It depends on the circumstances and your company's policies. However, if you followed established protocols and were genuinely deceived, you may not be held liable. It's crucial to cooperate fully with any internal investigations.
If you receive a suspicious message or request, don't take chances. Verify it with BharatSecure.app today to protect yourself and your company.