What to do if I shared my company details in a WhatsApp scam?

Immediately contact your bank's helpline, such as SBI at 1800-11-1109 or HDFC at 1800-202-6161, to report the incident. Also, visit cybercrime.gov.in to file a complaint.

How can I identify if a CEO's communication is legitimate or a scam?

Look for inconsistencies in the message, uncharacteristic requests, or any urgency that seems out of character. Always verify through a different communication method.

How can I report this type of scam in India?

You can report by calling the cybercrime helpline at 1930 or filing a complaint at cybercrime.gov.in. It is essential to notify your bank if any financial information is shared.

What steps should I take to recover money after falling victim to this scam?

Contact your bank immediately to report the fraud. They may be able to reverse the transaction if reported quickly. Additionally, file a report on cybercrime.gov.in for further assistance.

AI Deepfake CEO Fraud (BEC Scam)

Verdict: Suspicious | Risk Score: 10/10 | Severity: critical

Category: WhatsApp

How AI Deepfake CEO Fraud (BEC Scam) Works

Overview: AI deepfake CEO fraud scams are a new wave of business email compromise (BEC) attacks where criminals use synthetic voice and video to impersonate top executives. Targeting Indian corporate staff, especially those in finance, HR, or admin roles, these scams manipulate employees into transferring company funds or releasing confidential data. The growing use of AI makes these cons highly realistic and challenging to spot, leading to significant financial losses and reputational harm. How It Works: 1. Attackers monitor company executives' social media and public appearances to gather speech and video data. 2. They craft emails or make WhatsApp/phone calls, using AI to perfectly mimic a CEO or director's tone and style. 3. The impersonator urgently requests a sensitive money transfer or the sharing of restricted information, citing confidential reasons or emergencies. 4. Employees, believing the request is genuine, act as instructed—transferring money, sharing bank details, or approving major purchases. 5. Funds are swiftly withdrawn via mule accounts, leaving little chance for recovery. India Angle: This scam is being reported in India's metros—Mumbai, Bengaluru, Delhi—targeting tech companies, finance firms, and even startups. Fraudsters use WhatsApp, email, or even locally popular business platforms, sometimes dialing in Hindi or regional languages for credibility. Employees of large Indian companies or MNCs are frequent targets. Real Examples: - A WhatsApp voice note: “This is Mr. Sharma, please urgently transfer 8 lakhs to this account for a confidential deal. I'll explain later—don’t inform anyone.” - An email: “I am travelling for an urgent meeting, process this payment as discussed. Only you are authorized.” Red Flags: - Sudden financial requests from senior management, especially via WhatsApp or email. - Language/style feels urgent or uncharacteristically secretive. - Demands for confidentiality: "Don't inform anyone else." - Strange bank account details unlinked to company records. - Call or voice message sounds slightly off or robotic. Protective Measures: - Always verify any unusual financial request in person or via an official phone call. - Set clear company policies for sensitive transactions. - Enable dual approval protocols for transfers above INR 50,000. - Educate employees on BEC and deepfake threats regularly. - Use secure business channels; avoid transacting based on WhatsApp alone. If Victimised: - Freeze the transaction and alert your bank’s fraud team. - Report the incident to cybercrime.gov.in and dial 1930 immediately. - Inform your management and IT department without delay. Related Scams: - Classic email-based BEC scams. - WhatsApp business account impersonations. - Vendor payment redirection fraud.

How This Scam Works — Detailed Explanation

AI Deepfake CEO Fraud scams employ advanced technology to impersonate senior executives in companies, exploiting platforms like WhatsApp and email to reach employees. Scammers gather information about the company, its executives, and internal processes through social media, LinkedIn, and even corporate websites. This intelligence helps them create a convincing profile of the executive, allowing them to approach employees in finance, human resources, or administration with alarming authenticity. They often initiate contact through WhatsApp, given its wide usage in India for business communication, quickly leading to emotional manipulation and pressure on the employees to act without verification.

To execute these scams, criminals typically use synthetic voices and videos created by AI tools, making their impersonation almost indistinguishable from real executives. Tactics include establishing a sense of urgency by claiming immediate funds are needed for an important transaction or that they require confidential information to secure a business deal. The psychological aspect of these scams hinges on trust, as employees are conditioned to comply with directives from senior management without questioning them. This lack of skepticism can lead to disastrous consequences when employees are instructed to transfer large sums of money or share sensitive data.

Once victims engage with these threats, they often find themselves manipulated step-by-step through a carefully crafted sequence of demands. For instance, an employee may receive a WhatsApp message or a phone call from a deepfake voice claiming to be the CEO requesting an urgent funds transfer to a new account. Victims are often led to use digital payment methods like UPI, stating it's the fastest way to comply due to time constraints. As amped-up as the pressure feels, many employees genuinely believe they are executing legitimate requests from their superiors. Cases have been reported where Indian firms lost ₹5 crore in a single incident due to this burgeoning scam.

The real-world impact of AI Deepfake CEO Fraud is alarming. Reports suggest that corporate India is facing escalating financial losses due to these scams, with estimates indicating that approximately ₹12 crore were lost in India to various Business Email Compromise scams in just the last reported quarter alone. Cybersecurity agencies such as CERT-In and guidelines from the RBI highlight this rising threat, signifying the vital need for upgraded awareness measures in organizations. Companies must recognize the potential threats posed by such scams, especially as technological advances make these impersonations easier to achieve and harder to detect.

To effectively spot these types of scams, employees must remain alert for specific warning signals. If a senior executive provides instructions that are out of character, such as immediate financial transactions with high confidentiality, it should raise eyebrows. Additionally, communication that features odd robotic qualities in voice notes or messages suggesting secrecy should be scrutinized. Ensuring that all financial transactions are verified through established protocols, such as confirming with the executive through face-to-face meetings or a separate communication channel, could prevent considerable losses and safeguard sensitive company data.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does AI Deepfake CEO Fraud (BEC Scam) Target?

General public across India

Red Flags — How to Identify AI Deepfake CEO Fraud (BEC Scam)

Uncharacteristic instructions from senior executives
Requests for urgent money transfers to new accounts
Emails or calls stressing secrecy and confidentiality
Voice notes that sound oddly robotic or unnatural

What To Do If You Encounter AI Deepfake CEO Fraud (BEC Scam)

Report any suspicious communication to the cybercrime helpline at 1930 immediately.
Verify unexpected requests for money transfers by contacting the executive directly through a known and trusted communication channel.
Notify your company's IT security team about any suspected deepfake attempts to aid in mitigation efforts.
Educate coworkers on recognizing AI deepfake scams and promote awareness within the organization.
Consider using voice authentication or two-factor authentication methods for high-value transactions.
Review your company's cybersecurity policies regularly and ensure they include guidelines for identifying and reporting suspicious activities.

How to Report AI Deepfake CEO Fraud (BEC Scam) in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my company details in a WhatsApp scam?: Immediately contact your bank's helpline, such as SBI at 1800-11-1109 or HDFC at 1800-202-6161, to report the incident. Also, visit cybercrime.gov.in to file a complaint.
How can I identify if a CEO's communication is legitimate or a scam?: Look for inconsistencies in the message, uncharacteristic requests, or any urgency that seems out of character. Always verify through a different communication method.
How can I report this type of scam in India?: You can report by calling the cybercrime helpline at 1930 or filing a complaint at cybercrime.gov.in. It is essential to notify your bank if any financial information is shared.
What steps should I take to recover money after falling victim to this scam?: Contact your bank immediately to report the fraud. They may be able to reverse the transaction if reported quickly. Additionally, file a report on cybercrime.gov.in for further assistance.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.