Urgent Fund Transfer BEC via Messaging Apps — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team

Severity: Critical

Urgent Fund Transfer BEC Scam via WhatsApp Messaging in India 2026: What You Need to Know

A new wave of Business Email Compromise (BEC) fraud has shifted onto popular messaging apps like WhatsApp, targeting Indian companies with urgent fund transfer requests that put crores of rupees at risk.

What Is the Urgent Fund Transfer BEC via Messaging Apps?

The Urgent Fund Transfer BEC scam in India involves fraudsters impersonating senior company officials—often CEOs or heads of finance—on messaging apps such as WhatsApp or Telegram, rather than traditional email. These scammers pose as trusted executives to pressure accounts teams into making immediate payments to fraudulent accounts.

This scam targets corporate employees responsible for funds disbursal, especially in finance, accounts, or procurement departments. It has seen a sharp rise across Indian businesses in both metro cities and Tier-2 centres, fueled by the popularity of WhatsApp as a communication tool within teams.

In recent months, government bodies including CERT-In (Computer Emergency Response Team - India) and I4C (Indian Cyber Crime Coordination Centre) have issued alerts advising vigilance against such messaging-app-based BEC attacks. The Reserve Bank of India (RBI) primarily addresses payment fraud, but its emphasis on multi-factor authentication and fund transfer confirmations indirectly helps curb such scams.

How This Scam Works — Step by Step

  1. Initial Contact via Messaging App: The scam begins when a fraudster creates a fake WhatsApp profile mimicking a senior company executive’s contact information and picture. Sometimes they even compromise or spoof a legitimate phone number or account.

  2. Impersonation with Urgent Messages: The fraudster sends a message to the target accounts team or finance personnel, claiming an urgent fund transfer is required—often citing a confidential deal or payment deadline.

  3. Request for Transfer Details: The scammer instructs the victim to transfer a large sum of money (often several lakhs to crores of INR) to a specified bank account, pretending it’s for a vendor, partner, or government-related purpose.

  4. Pressure and Secrecy: To prevent verification, the scammer stresses urgency and confidentiality, warning the victim not to discuss with others or delay the transaction.

  5. Victim Makes Payment: Trusting the impersonation and urgency, the finance executive processes the payment via UPI or NEFT/RTGS to the fraudulent account.

  6. Money Disappears: Once transferred, the money is quickly moved through multiple accounts or converted to cryptocurrencies, making recovery difficult.

  7. Victim Realizes Fraud: The real executive then denies making any payment request, and by the time the company spots the scam, funds are gone.

Real Warning Signs to Watch For

What Happens to Victims

Victims of this scam often face severe financial losses running into lakhs or even crores of rupees. Given that payments happen via UPI, NEFT, or RTGS, and move rapidly across multiple banks or wallets, banks typically struggle to reverse transactions once completed.

Besides monetary loss, companies endure operational disruptions and reputational damage. Employees suffer stress and embarrassment for falling prey to fraud. In some cases, attackers also misuse Aadhaar details or carry out SIM swaps to deepen the attack or launder money, which complicates investigations.

Victims usually approach cybercrime police and file FIRs, but due to complex money trails and cross-border movement of funds, recovery is often challenging. This underscores the necessity of prevention over cure.

What RBI and CERT-In Say

RBI continuously advises all payment system users in India to enable multi-factor authentication and verify beneficiary details through multiple channels before sanctioning fund transfers. The RBI also reminds businesses that completed UPI transactions cannot be reversed without the recipient’s consent, urging caution.

CERT-In and I4C regularly publish advisories warning against social engineering attacks via messaging apps. They recommend verifying payment requests through independent means and reporting incidents immediately via the national cybercrime portal (cybercrime.gov.in) or the 1930 helpline. CERT-In has stressed following IT Rules 2021 directives related to due diligence in business communications.

How to Protect Yourself

  1. Verify payment requests via official channels: Always call or meet the executive on known phone numbers or face-to-face before processing urgent funds.
  2. Do not trust new or unknown WhatsApp numbers: Confirm identities personally, especially when payment requests are involved.
  3. Check for official documentation: Ensure there is a purchase order or invoice matching the transaction before approving any fund transfer.
  4. Enable UPI two-factor authentication: Always authorize payments with your mobile banking app passcode or biometrics.
  5. Train staff about social engineering risks: Regularly update teams on current scam techniques and encourage skepticism about unusual requests.
  6. Set internal protocols for fund transfers: Require approvals from multiple senior managers for high-value payments.
  7. Report suspicious messages immediately: Inform your IT department and file complaints with cybercrime authorities if you suspect a scam.
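
Controls 1, 2, 3 and 6 above can be enforced as a single payment-release gate, so that urgency or secrecy in a chat message never substitutes for verification. The sketch below is an added example, not BharatSecure's code; the threshold, directory entries, invoice data and all names are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed policy values and records, constructed for illustration only.
DUAL_APPROVAL_THRESHOLD_INR = 500_000               # hypothetical high-value cutoff
DIRECTORY = {"cfo": "+91-00000-00001"}              # numbers from HR records, never from the chat
OPEN_INVOICES = {"INV-1001": ("ACME-ACCT-01", 1_250_000)}  # invoice -> (beneficiary, amount)

@dataclass
class PaymentRequest:
    requester_role: str
    sender_number: str                  # number the chat message arrived from
    beneficiary_account: str
    amount_inr: int
    invoice_id: Optional[str] = None
    callback_confirmed: bool = False    # confirmed by a call placed to the directory number
    approvers: set = field(default_factory=set)

def release_blockers(req: PaymentRequest) -> list:
    """Return the reasons a transfer must be held; an empty list means release."""
    blockers = []
    # Control 2: a number outside the directory proves nothing about identity.
    if DIRECTORY.get(req.requester_role) != req.sender_number:
        blockers.append("sender number not in company directory")
    # Control 1: a known number can still be compromised, so a call-back is always required.
    if not req.callback_confirmed:
        blockers.append("no call-back on known number")
    # Control 3: beneficiary and amount must match an open invoice or purchase order.
    if OPEN_INVOICES.get(req.invoice_id) != (req.beneficiary_account, req.amount_inr):
        blockers.append("no matching invoice or purchase order")
    # Control 6: high-value payments need two distinct approvers.
    if req.amount_inr >= DUAL_APPROVAL_THRESHOLD_INR and len(req.approvers) < 2:
        blockers.append("needs two approvers")
    return blockers

# Constructed sample requests: an impersonation attempt and a verified payment.
spoofed = PaymentRequest("cfo", "+91-00000-09999", "UNKNOWN-ACCT-77", 1_800_000)
verified = PaymentRequest("cfo", "+91-00000-00001", "ACME-ACCT-01", 1_250_000,
                          "INV-1001", True, {"finance_head", "controller"})

if __name__ == "__main__":
    print(release_blockers(spoofed))
    print(release_blockers(verified))
```
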

What to Do If You've Been Targeted

Frequently Asked Questions

Q: Can UPI payments be reversed if sent to scammer accounts?
No. Most UPI transactions in India are final and cannot be reversed without the recipient’s cooperation. This makes it critical to verify payment details before authorizing transfers.

Q: How do scammers get the profile details of real executives?
According to public complaints, fraudsters collect data from social media, company websites, or leaked sources, then create fake profiles mimicking official contacts.

Q: Is WhatsApp safe for official business communication?
WhatsApp uses end-to-end encryption, but scammers exploit human trust via impersonation. Always verify important requests through additional, trusted channels beyond messaging apps.

For more information or to verify suspicious messages, visit BharatSecure.app. To report fraud, call the 1930 cybercrime helpline immediately.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.
