What to do if I shared sensitive information in a Payroll Diversion scam?

Immediately report the incident to the cybercrime helpline at 1930 and change your email and online banking passwords.

How can I identify an Accounts Department Payroll Diversion Scam?

Look for email requests for payroll changes that lack formal approval, especially if the sender's email address is slightly altered and creates a sense of urgency.

How do I report this type of scam in India?

You can report payroll diversion scams at the cybercrime helpline 1930 or file a report at cybercrime.gov.in.

What steps can I take to recover my money or protect my accounts after falling victim to this scam?

Contact your bank immediately to report the incident and attempt to secure your account. Follow up with the cybercrime authorities for guidance on further recovery steps.

Accounts Department Payroll Diversion Scam

Verdict: Suspicious | Risk Score: 8/10 | Severity: high

Category: WhatsApp, Refund

How Accounts Department Payroll Diversion Scam Works

Overview: Payroll Diversion is a growing threat to Indian businesses where attackers impersonate staff via email, instructing the HR or payroll team to change bank account numbers for salary deposits. The result is that the real employee never receives their wage, while the scammer pockets the money. This scam is effective in medium to large enterprises with centralized HR or payroll operations, especially those handling monthly bulk salary transfers. How It Works: 1. Scammer identifies an employee (often from leaked databases, portals, or company web pages). 2. Using a similar-looking or compromised email account, the attacker contacts HR: “I have updated my bank account, please ensure my salary is credited to this new account from this month.” 3. Since such requests are common, and turnover is high, HR or payroll staff may process the change without further checks. 4. Salary is credited to the scammer’s account instead of the real employee. India Angle: The scam is rampant in Delhi, Mumbai, and Hyderabad, where large firms handle thousands of salary credits. Targeted communications are often in English but sometimes in Hindi. Real Examples: HR at a major IT company in Bengaluru receives: “Hi, I’ve changed my salary account. Please update to Acc No 9XXXXXX at SBI for this month’s payroll.” The sender address [ADDRESS_REDACTED]. Red Flags: - Salary account update requests from emails, not official portals - Sender address [ADDRESS_REDACTED] - Email pushed urgently near payroll processing deadlines - Requests for secrecy (“I haven’t told my manager yet”) Protective Measures: - Verify salary account changes with a phone or video call to the staff member - Don’t process any payroll changes based on email alone - Enable two-person authorisation for payroll modifications - Guide all employees to use HR portals for changes - Keep logs of all payroll-related requests and approvals If Victimised: - Contact your bank’s fraud department immediately - Report to 1930 and cybercrime.gov.in - Re-credit affected employee and alert payroll staff Related Scams: - Internal HR Portal Account Compromise - Fake Tax Refund Email Scams - Impersonation of HR via WhatsApp for sensitive changes

How This Scam Works — Detailed Explanation

In the Accounts Department Payroll Diversion Scam, perpetrators often start by targeting medium to large enterprises, where payroll operations are centralized. They employ various online platforms like LinkedIn or company websites to identify employees in critical roles in HR or payroll departments. Once a target is selected, the scammers meticulously craft phishing emails that appear to come from trusted sources within the organization. By closely mimicking the email addresses of genuine employees, close enough that a casual glance might overlook the slight variations, they significantly increase their chances of success. The prevalence of messaging platforms like WhatsApp further fuels this scam, as scammers may also initiate contact via these channels, claiming urgency surrounding payroll adjustments.

Scammers leverage psychological techniques such as urgency, authority, and secrecy to manipulate victims. For instance, they craft messages suggesting that there is a pressing need to update account information for a fictitious reason—such as a company policy change or issues with the previous bank account. By emphasizing a short deadline for payroll processing, they create panic and urgency that makes victims act swiftly without verifying the request. This psychological pressure often leads employees to disregard proper procedures, and their trust in their colleagues is exploited in a harmful way. The added layer of using emails that look similar to their actual coworkers further solidifies their deceptive tactics, making it easy for HR personnel to overlook red flags.

Once the scam has ensnared the victim, the process typically unfolds as follows: the HR or payroll representative receives an email requesting a change in bank account details for salary deposits. Following the request, the perpetrator may instruct them to make the update immediately and discourage any verification call to the supposed sender. For example, if an employee's salary is directed to a bank account in India (say SBI or HDFC), the scammer stands to pocket that entire amount. Let’s assume an employee earning ₹50,000 monthly falls victim; they likely won't realize the scam until payday arrives, and they notice that their salary hasn't been deposited. Meanwhile, the scammer has already withdrawn the funds, leaving the real employee in distress.

The financial impact of the Accounts Department Payroll Diversion Scam is significant. Reports indicate that businesses in India have lost around ₹12 crore to this scam over the past few years, with an alarming rise in incidents during the pandemic when remote working became the norm. Agencies such as the Ministry of Home Affairs (MHA), the Reserve Bank of India (RBI), and CERT-In have issued advisories warning organizations and employees about these types of fraud. It has become essential for businesses to be aware of these scams, as they not only lead to direct financial losses but can also cause reputational harm to companies affected by such breaches. Moreover, the complexities of recovering lost funds can lead to additional frustration for victims who find themselves navigating a labyrinth of regulatory and legal hurdles.

Recognizing this scam versus legitimate requests is critical for prevention. Employees should always be skeptical when receiving payroll change requests via email instead of through official portals. If a document lacks proper approval protocols, or if there is an uncharacteristic sense of urgency that circumvents normal approval processes, these should be seen as red flags. Legitimate payroll change requests should always come through verified channels such as internal portals or require verification through verbal confirmation—particularly in a tightly held chain of command. Maintaining awareness and following company protocols can significantly reduce the risk of falling prey to such scams.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Accounts Department Payroll Diversion Scam Target?

General public across India

Red Flags — How to Identify Accounts Department Payroll Diversion Scam

Payroll change requests by email not portal
Sender email nearly matches a real employee
Secrecy or urgency around payroll deadlines
No direct verbal or portal confirmation
HR is asked to bypass approvals

What To Do If You Encounter Accounts Department Payroll Diversion Scam

Report the incident immediately to the cybercrime helpline 1930 or visit cybercrime.gov.in.
Notify your HR or payroll department about the suspected email immediately.
Reach out to your bank using helplines such as SBI 1800-11-1109 or HDFC 1800-202-6161 to alert them of potential fraud.
Change your email and online banking passwords to prevent further unauthorized access.
Monitor your bank statements closely for any unauthorized transactions.
Educate employees on recognizing scams and the importance of following protocol for sensitive requests.

How to Report Accounts Department Payroll Diversion Scam in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared sensitive information in a Payroll Diversion scam?: Immediately report the incident to the cybercrime helpline at 1930 and change your email and online banking passwords.
How can I identify an Accounts Department Payroll Diversion Scam?: Look for email requests for payroll changes that lack formal approval, especially if the sender's email address is slightly altered and creates a sense of urgency.
How do I report this type of scam in India?: You can report payroll diversion scams at the cybercrime helpline 1930 or file a report at cybercrime.gov.in.
What steps can I take to recover my money or protect my accounts after falling victim to this scam?: Contact your bank immediately to report the incident and attempt to secure your account. Follow up with the cybercrime authorities for guidance on further recovery steps.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.