Corporate Deepfake Video Authorization Scam — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated Jun 09, 2026

Severity: Critical | View Full Scam Details

Corporate Deepfake Video Authorization Scam India 2026: A New Threat on WhatsApp

India is witnessing a dangerous surge in cyber fraud with the rise of corporate deepfake video authorization scams, especially targeting businesses via WhatsApp.

What Is the Corporate Deepfake Video Authorization Scam?

The corporate deepfake video authorization scam is a sophisticated fraud where scammers use artificially generated video and voice that mimic a senior executive or business leader to deceive employees into authorizing fraudulent transactions. These deepfake videos show a trusted figure seemingly instructing staff to transfer money or share confidential access details, making the scam particularly effective and deceptive.

In India, this scam targets middle and back-office staff of companies, including finance teams and accounts payable departments. The fraudsters often initiate contact through WhatsApp messages or calls, exploiting India’s high WhatsApp penetration in business communication. The scam is reported in several metros and Tier 1 cities and is increasingly observed in sectors like manufacturing, IT, and trading.

CERT-In and the Indian Cyber Crime Coordination Centre (I4C) have issued advisories warning about the use of AI-generated synthetic media in corporate fraud. While not yet widespread, law enforcement and RBI note the sharp rise in cases where victims lose crores via UPI and NEFT payments caused by deceptive digital requests.

How This Scam Works — Step by Step

1. Initial WhatsApp Contact: Scammers create a fake WhatsApp account using a number masked closely to the company or executive’s known contact details (for example, +91 98XXXXXX12). They send a message or make a call pretending to be a CEO or CFO, often referencing ongoing projects or recent meetings to sound credible.

2. Sharing Deepfake Video: Within the chat, the fraudsters send a short deepfake video showing the “executive” instructing the victim to urgently approve a high-value transaction or share OTPs and UPI PIN details for “vendor payments” or “contractual services”.

3. Urgent Demand & Secrecy: The scammer stresses urgency to bypass normal security checks and requests the victim not to disclose the instruction to anyone else, especially the finance or IT security team.

4. Fake Authorization: Based on the video and voice, the employee authorizes fund transfers by UPI or bank NEFT/RTGS, following the fake instructions.

5. Fund Diversion: The payment is routed to accounts controlled by the scammers, often linked to multiple fraudulent apps or shell companies, making tracing difficult.

6. Aftermath: Victims realise only hours or days later when reconciliation reports detect missing money, by which time scammers have withdrawn or moved funds abroad.

Real Warning Signs to Watch For

• Unexpected WhatsApp messages or calls from senior executives, differing from usual communication channels.
• Video or voice messages demanding urgent money transfers without following official approval flows.
• Requests to keep the transaction secret or avoid discussing with other colleagues.
• Unusual payment requests to new or unknown UPI IDs or bank accounts like us**@bank or account XXXX1234.
• Pressure tactics or unusual urgency inconsistent with normal business practice.
• Deepfake video quality that is slightly off — unnatural lip-sync, unclear background, or odd facial movements.
• Discrepancies in sender’s phone number or contact info that are close but not exact.

What Happens to Victims

Victims often face severe financial losses ranging from lakhs to crores of INR, which can cripple small and medium enterprises. Since UPI and NEFT transactions are instantaneous and irreversible, recovering the funds through banks or RBI mechanisms is hard.

The scam also leads to emotional stress due to betrayal within trusted business relationships and damage to a company’s reputation. Victims often struggle with loss of client trust and regulatory scrutiny, especially if Aadhaar-linked KYC or SIM cards were misused to facilitate the fraud.

Further, SIM swap fraud and identity theft linked with such scams can expose victims to continued cyber risks, including unauthorized access to email and payroll systems.

What RBI and CERT-In Say

In its 2026 circular on digital payment frauds, RBI reiterated strict vigilance regarding authorization procedures, emphasizing multi-factor authentication for transactions above certain thresholds. RBI’s grievance redressal helpline also offers support for UPI fraud victims.

CERT-In has issued alerts about the rise of AI-generated synthetic media in cyber fraud, advising organisations to conduct employee training and implement video call verification protocols for high-value transactions. The Indian Cyber Crime Coordination Centre (I4C) urges reporting incidents promptly to cybercrime.gov.in and highlights 1930 as the national cybercrime helpline in India.

How to Protect Yourself

1. Verify Identity Offline: If requested to approve transactions via video or voice on WhatsApp, confirm through a separate known channel like a phone call or email.
2. Don’t Share OTP or PIN: Never share your banking OTP, UPI PIN, or password, even if the request comes from a “superior.”
3. Use Multi-level Approvals: Businesses should implement at least two-factor authorization for payments exceeding ₹50,000.
4. Watch for Deepfake Clues: Learn to spot video or voice anomalies and report suspicious media to your company’s IT or security team.
5. Block and Report the Number: Immediately block suspicious WhatsApp contacts and report numbers to WhatsApp and cybercrime.gov.in.
6. Limit WhatsApp for Business Info: Avoid sharing confidential financial instructions or approvals on WhatsApp; use official business communication platforms.
7. Enable UPI App Security: Use UPI app lock features and regularly update your banking app to guard against unauthorized access.

What to Do If You've Been Targeted

1. Immediately notify your company management and IT department.
2. Contact your bank and block any linked accounts or payment services to prevent further transactions.
3. File a cybercrime complaint at cybercrime.gov.in, providing all evidence such as WhatsApp chats, videos, and transaction details.
4. Call the 1930 national cybercrime helpline to report the incident and get guidance.
5. Report the scam numbers and media to WhatsApp via the app’s report feature.
6. Monitor your Aadhaar and SIM card activity for any unauthorized usages, and register complaints with the telecom operator if SIM swap is suspected.

Frequently Asked Questions

Q1: Can a deepfake video really fool audio-visual verification?
Yes, deepfake technology has advanced enough to mimic voices and faces very convincingly. That’s why offline or multi-channel verification methods are critical before approving high-value payments.

Q2: If I lose money via a UPI transfer in this scam, can I get a refund?
UPI transactions are generally final and cannot be reversed easily. Banks may assist in investigations but victims should act fast, report to authorities, and freeze accounts to limit losses.

Q3: How can a company prevent such scams from targeting their employees on WhatsApp?
Implement strict communication protocols, conduct phishing and scam awareness training, avoid WhatsApp for sensitive financial instructions, and use secure business communication apps with two-factor authentication.

Stay alert against this emerging deepfake scam threatening Indian businesses. When in doubt, verify suspicious messages or video requests at BharatSecure.app and report fraud immediately at 1930.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.