Account Takeover: Payroll and Refund Diversion Fraud

Verdict: Suspicious | Risk Score: 8/10 | Severity: high

Category: UPI, Phishing, KYC

How Account Takeover: Payroll and Refund Diversion Fraud Works

Overview: Account takeover fraud has increasingly plagued Indian businesses, especially those handling large staff payroll or vendor refunds digitally. Here, cybercriminals gain access to a company email account (often by phishing or exploiting weak passwords) and use this access to alter where salary payments or refunds are sent. By the time the scam is detected, the funds have already vanished into accounts managed by fraud rings. This scam can affect both employees and entire departments, leading to wage theft, internal disruption, and legal action.

How It Works:

  1. Criminals send phishing emails to company employees, tricking one into revealing login credentials.
  2. Gaining access, the scammer monitors internal communications, identifying upcoming payrolls or vendor payouts.
  3. They send instructions to change the bank details for several employees or vendors—sometimes conducting small 'test' transactions first to check if changes will be successful.
  4. Full salaries or refunds are then redirected to mule accounts created with the help of corrupt bank insiders.
  5. Perpetrators rapidly transfer and withdraw the stolen amounts before detection.

India Angle: Indian companies using UPI, NEFT, and IMPS for bulk payments are targeted, especially those using basic email security. Mule accounts are commonly opened in Tier 2 and 3 city branches with forged or stolen Aadhaar and PAN cards. The scam impacts both private and public sector companies, as well as high-volume gig platforms.

Real Examples: "As discussed, please update payment details for the March salary. New account: 6201xxxxxx120, SBI

Who Does Account Takeover: Payroll and Refund Diversion Fraud Target?

General public across India

Red Flags — How to Identify Account Takeover: Payroll and Refund Diversion Fraud

  • Requests to change bank account details via email
  • Instructions for small 'test' transactions
  • Emphasis on discretion or secrecy regarding payments
  • Changes outside normal channels
  • Unexpected new beneficiary names
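
The account-data red flags above (changed bank details, changes outside normal channels, unexpected beneficiaries, small 'test' transactions) can be checked before a payout batch is released. The following is an added example, not BharatSecure's code; the field names, the "hr_portal" channel label, the test-amount threshold and the sample records are all assumptions constructed for illustration.

```python
"""Added example: hold payouts that match the red flags listed above.
All field names, channel labels and thresholds are assumptions."""
from dataclasses import dataclass

APPROVED_CHANNELS = {"hr_portal"}  # assumption: the only normal channel for bank changes
TEST_AMOUNT_MAX = 10.0             # assumption: payouts this small count as a 'test' transaction

@dataclass(frozen=True)
class Payout:
    payee_id: str
    beneficiary_name: str
    account: str
    amount: float
    change_channel: str = ""  # how the current bank details were submitted; "" if unchanged

def review_batch(master, batch):
    """Return {payee_id: [reasons]} for payouts to hold pending call-back verification.

    master maps payee_id -> (beneficiary_name, account) from the last verified cycle.
    """
    held = {}
    for p in batch:
        reasons = []
        known = master.get(p.payee_id)
        if known is None:
            reasons.append("unexpected new beneficiary")
        else:
            name, account = known
            if p.account != account:
                reasons.append("bank account changed since last verified cycle")
                if p.change_channel not in APPROVED_CHANNELS:
                    reasons.append(
                        f"change arrived outside normal channels ({p.change_channel or 'unknown'})")
            if p.beneficiary_name.strip().lower() != name.strip().lower():
                reasons.append("beneficiary name differs from record")
        # A tiny payout only matters when the destination is already unverified.
        if reasons and p.amount <= TEST_AMOUNT_MAX:
            reasons.append("small 'test' transaction to unverified details")
        if reasons:
            held[p.payee_id] = reasons
    return held

# Constructed sample data (not real payees or account numbers).
MASTER = {"E001": ("Asha Rao", "ACCT-OLD-001"), "E002": ("Vikram Shah", "ACCT-OLD-002")}
BATCH = [
    Payout("E001", "Asha Rao", "ACCT-OLD-001", 52000.0),
    Payout("E002", "Vikram Shah", "ACCT-NEW-999", 1.0, change_channel="email"),
    Payout("V777", "Unknown Traders", "ACCT-NEW-555", 80000.0, change_channel="email"),
]

if __name__ == "__main__":
    for payee, reasons in review_batch(MASTER, BATCH).items():
        print(payee, "HOLD:", "; ".join(reasons))
```

Held payouts should be confirmed with the payee through a contact already on record, not through the email thread that requested the change.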

What To Do If You Encounter Account Takeover: Payroll and Refund Diversion Fraud

  1. Do not click any links or share personal information
  2. Block and report the sender immediately
  3. Report at cybercrime.gov.in or call 1930
  4. Inform your bank if financial details were shared

How to Report Account Takeover: Payroll and Refund Diversion Fraud in India

  • Call 1930 — National Cyber Crime Helpline (24x7)
  • File a complaint at cybercrime.gov.in
  • Contact your bank immediately if money was lost
  • Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

How to report Account Takeover: Payroll and Refund Diversion Fraud in India?
Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.