Business Email Account Phishing Compromise

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: UPI, Phishing

How Business Email Account Phishing Compromise Works

Overview: Business email account phishing is a scam where cybercriminals send convincing phishing messages to employees in Indian companies, aiming to steal login credentials for official email accounts. Once they gain access, attackers use these accounts to launch further frauds, including vendor payment redirection and sensitive data theft. These scams are dangerous because they can strike Indian businesses at multiple levels, from finances to reputation.

How It Works: The scam starts with a phishing email, often disguised as a file-sharing notification or an IT update. The message asks the recipient to click a link and log in using company credentials. The fake login page looks almost identical to the real one, capturing user IDs and passwords. With access in hand, the fraudster monitors the mailbox, gathering intelligence and sending fraudulent requests to colleagues, partners, or clients, all from the legitimate email address.

India Angle: Phishing emails commonly target businesses in IT, finance, and export sectors across Bengaluru, Mumbai, and Pune. Hackers may mimic platforms popular in India, such as Zoho Mail or G Suite, and craft messages in English or Hindi for broader reach. Scams intensify around financial close dates or after public holidays, taking advantage of lower vigilance.

Real Examples:

Example 1: A Mumbai finance officer gets an email: 'Your mailbox storage is full. Click here to verify and avoid disruption.' On clicking, her credentials are phished.

Example 2: An employee in Pune receives a mail with a link, 'View your salary slip,' directing to a fake HR portal.

Red Flags:

  1. Emails urging immediate login due to 'security alerts' or 'urgent updates.'
  2. Links leading to webpages that look strange or have odd URLs.
  3. Emails from unknown senders or those using copied company branding.
  4. Requests for login info over email.

Protective Measures: Enable multi-factor authentication on all work email accounts. Train staff to identify suspicious links and report phishing attempts. Use official platforms and verify unusual IT requests by phone or video with your company’s IT department. Never click links in unsolicited emails.

If Victimised: Immediately change all passwords and alert your IT team. Inform your bank if any fraudulent payments are attempted. Report to cybercrime.gov.in and use helpline 1930.

Related Scams:

  • UPI fraud via compromised email notifications
  • Deepfake video calls requesting sensitive data

How This Scam Works — Detailed Explanation

Business email account phishing compromise is a method employed by cybercriminals to access the email accounts of employees in Indian companies. This scam typically starts with the attackers gathering information about their targets through various online platforms such as LinkedIn, company websites, or even social media. They might identify individuals in finance or administration roles, as these employees are more likely to have access to sensitive company information and payment systems. Once identified, the attackers generally craft an enticing phishing email that looks convincingly authentic, often mimicking the original company's email format, logos, and even terminology. They take advantage of India’s booming digital payment systems, particularly UPI (Unified Payments Interface), to gain access to sensitive information needed to carry out fraudulent financial transactions.

To execute the scam, the fraudsters use several psychological tactics to create a sense of urgency or fear among the recipients. They might state that there has been unusual activity in the employee’s account that requires immediate action. This might push the employee into a panic mode, leading them to click on suspicious links or respond to the phishing email with their login credentials. Other tactics include using fake attachments that may also contain malware or simply asking for sensitive information directly in the email, which may seem harmless at first glance. Emails that contain generic greetings such as 'Dear User' can be an indication that you are dealing with a phishing attempt since official communications usually address employees by name.

Once an employee falls victim to this scam, attackers gain full access to their email account. With this access, they can initiate further fraudulent activities within the organization. For instance, they might monitor email communications to identify opportunities to redirect vendor payments to fraudulent accounts, ultimately leading to significant financial losses. A stark example is a case in 2022 where a medium-sized Indian manufacturing firm lost around ₹20 crore after a cybercriminal accessed their email account and redirected payments to a fake vendor account. The fallout from such attacks is not just financial; they can severely damage a company's reputation, leading to loss of trust among clients and partners which can take years to rebuild.

The impact of business email account phishing on the Indian corporate landscape is alarming. The Ministry of Home Affairs (MHA) has noted a rise in such scams, with the Reserve Bank of India (RBI) and the Computer Emergency Response Team of India (CERT-In) issuing advisories on how to identify and mitigate risks from these types of scams. In 2023, financial institutions reported that scams linked to phishing, including business email compromise, caused losses of over ₹500 crore across various sectors. This reveals a pressing need for increased awareness and preventive measures against such fraudulent schemes among corporate employees and management alike.

To differentiate between legitimate and phishing communications, one should look for red flags. For instance, check the hyperlinks in emails; they often do not match the official company domain. Be suspicious of emails that request urgent actions such as password resets or login confirmations. Also, emails that request OTPs (one-time passwords) or credentials directly are almost always an indication of a scam attempt. Legitimate companies will never ask for sensitive information through email, especially without prior verification. By staying alert to these signs, employees can play a critical role in protecting their organisations from these damaging phishing attacks.

Who Does Business Email Account Phishing Compromise Target?

General public across India

Red Flags — How to Identify Business Email Account Phishing Compromise

  • Emails requesting urgent login or password confirmation
  • Hyperlinks that do not match the official company domain
  • Requests for credentials or OTPs via email
  • Phishing emails with generic greetings, e.g., 'Dear User'
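
The four red flags above can be checked mechanically when a reported message is triaged. The following is an added example, not BharatSecure's code; the `example.co.in` allowlist, the keyword patterns and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

OFFICIAL_DOMAINS = {"example.co.in"}  # assumption: the organisation's own domains
CHECKS = {  # wording red flags from the list above; patterns are illustrative
    "urgent_action": re.compile(r"\b(urgent|immediately|avoid disruption|security alert)\b", re.I),
    "asks_for_credentials_or_otp": re.compile(r"\b(otp|one[- ]time password|password|credentials)\b", re.I),
    "generic_greeting": re.compile(r"\bdear\s+(user|customer|employee)\b", re.I),
}

class BodyParser(HTMLParser):
    """Collect visible text and every <a href> target from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.hrefs = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")
    def handle_data(self, data):
        self.text.append(data)

def is_official(host):
    host = (host or "").lower().rstrip(".")
    # Exact match or true subdomain only: an official name used as a prefix must not pass.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def red_flags(raw_email):
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    parser = BodyParser()
    parser.feed(part.get_content() if part else "")
    text = f"{msg['Subject'] or ''} {' '.join(parser.text)}"
    flags = [name for name, rx in CHECKS.items() if rx.search(text)]
    for href in parser.hrefs:  # judge the real target, not the text shown to the user
        host = urlparse(href).hostname
        if host and not is_official(host):
            flags.append(f"link_off_domain:{host}")
    return flags

# Constructed sample, modelled on the page's "mailbox storage is full" example.
SAMPLE = """\
From: IT Helpdesk <it-support@example.net>
Subject: Security alert: mailbox storage full
Content-Type: text/html; charset="utf-8"

<p>Dear User,</p><p>Your mailbox storage is full. Enter your password to verify
and avoid disruption: <a href="https://example.co.in.mail-verify.example.net/login">https://mail.example.co.in</a></p>
"""
```

Calling `red_flags(SAMPLE)` returns all three wording flags plus the off-domain link, even though the link's visible text shows the official domain.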

What To Do If You Encounter Business Email Account Phishing Compromise

  1. Report any suspicious emails to the cybercrime helpline at 1930 or visit cybercrime.gov.in to file a report.
  2. Immediately change your email account password if you suspect a phishing attempt.
  3. Activate two-factor authentication (2FA) on your email accounts for added security.
  4. Conduct a security review of your account settings and check for unauthorized access or changes.
  5. Inform your company’s IT department about the phishing email to prevent further spread.
  6. Educate colleagues about recognizing phishing attempts and equip them to act quickly.

How to Report Business Email Account Phishing Compromise in India

  • Call 1930 — National Cyber Crime Helpline (24x7)
  • File a complaint at cybercrime.gov.in
  • Contact your bank immediately if money was lost
  • Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?
If you've shared your OTP, immediately contact your bank's customer service helpline, like SBI at 1800-11-1109 or HDFC at 1800-202-6161. You should also report the incident to the cybercrime helpline at 1930.

How do I identify a business email compromise phishing attempt?
Look for generic greetings, requests for urgent action, and suspicious hyperlinks that don’t match your company's domain. These are key indicators of a phishing attempt.

How to report this type of scam in India?
You can report such scams by calling the cybercrime helpline at 1930 or by visiting cybercrime.gov.in to file an online complaint. Additionally, inform your bank about the fraudulent activity.

How to recover or protect my accounts after falling victim to this scam?
Change your passwords immediately and enable two-factor authentication. Contact your bank or any affected service providers to secure your accounts and prevent further unauthorized access.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.