CA/Professional Email Account Takeover

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: UPI

How CA/Professional Email Account Takeover Works

Overview: Chartered Accountants and similar Indian professionals are increasingly being targeted through email account takeovers. With data from breaches (like ICAI), attackers use credential stuffing to break into email accounts, then impersonate the professional for further scams—and in some cases, launch UPI fraud or trick regular clients.

How It Works: Attackers input batches of stolen emails and passwords (from old and new leaks) into automated tools. Upon gaining inbox access, they monitor for ongoing client conversations or bank updates. Fraudsters may urgently request UPI transfers or share malicious documents posing as the CA, thus extending the scam to clients and partners—all while locking the genuine user out of their account.

India Angle: Attacks often arise post-ICAI data leaks, thus primarily targeting Indian CAs, auditors, or anyone found in leaked membership lists. Agencies in metros (Mumbai, Delhi, Bengaluru) are at particular risk. Fraudulent demands or malware usually reference authentic client/account names and arrive in perfect business Hindi/English.

Real Examples:

  • Client receives: “Dear Sir, please urgently transfer GST due via UPI to attached ID. Regards, ABC & Co.”
  • CA is locked out, then receives password reset alerts they didn’t trigger.

Red Flags:

  • Sudden transfer demands using new UPI IDs
  • Account lockouts and password reset emails without your action
  • Unusual or unfamiliar file attachments from known contacts

Protective Measures:

  • Use unique complex passwords for professional accounts
  • Enable two-step verification on all work email/UPI/banking apps
  • Inform clients to verify unusual payment requests by phone

If Victimised:

  • Immediately reset all logins and alert affected clients
  • File a cybercrime complaint (cybercrime.gov.in) and call 1930
  • Inform your professional

How This Scam Works — Detailed Explanation

In India, Chartered Accountants (CAs) and other professionals are increasingly falling victim to email account takeovers. The rise in such scams can be attributed to attackers using data from previous breaches, including that of the Institute of Chartered Accountants of India (ICAI), to obtain email addresses and credentials. They usually access the dark web or other illicit platforms to gather these leaked credentials. Once equipped with batches of stolen emails and passwords, they employ automated tools to attempt logins against various email service providers. The attackers aim for professionals who hold significant financial information or have clients who rely on their services.
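A defender-side check for the login pattern described above, as an added example that is not part of the original page: it scans mail login records for one source address trying many different mailboxes with mostly failed attempts, and lists any mailbox that address did get into. The log layout, thresholds, addresses and mailbox names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records; the "timestamp ip= user= result=" layout is an
# assumption for this example, not the format of any particular mail server.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.7 user=ca.sharma@firm.example result=FAIL
2024-05-01T10:00:02Z ip=203.0.113.7 user=ca.mehta@firm.example result=FAIL
2024-05-01T10:00:03Z ip=203.0.113.7 user=auditor.rao@firm.example result=OK
2024-05-01T10:00:04Z ip=203.0.113.7 user=ca.iyer@firm.example result=FAIL
2024-05-01T10:00:05Z ip=203.0.113.7 user=ca.khan@firm.example result=FAIL
2024-05-01T10:05:00Z ip=198.51.100.20 user=ca.sharma@firm.example result=FAIL
2024-05-01T10:05:09Z ip=198.51.100.20 user=ca.sharma@firm.example result=OK
2024-05-01T10:06:00Z ip=192.0.2.50 user=ca.mehta@firm.example result=OK
2024-05-01T10:06:30Z ip=192.0.2.50 user=ca.iyer@firm.example result=OK
2024-05-01T10:07:00Z ip=192.0.2.50 user=ca.khan@firm.example result=OK
2024-05-01T10:07:30Z ip=192.0.2.50 user=auditor.rao@firm.example result=OK
"""

def parse_line(line):
    """Split one record into a dict with ts, ip, user and result keys."""
    ts, *fields = line.split()
    record = dict(field.split("=", 1) for field in fields)
    record["ts"] = ts
    return record

def detect_stuffing(log_text, min_accounts=4, min_fail_ratio=0.5):
    """Return {source_ip: [mailboxes it logged in to]} for stuffing-like sources."""
    stats = defaultdict(lambda: {"users": set(), "attempts": 0, "fails": 0, "hits": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        s = stats[rec["ip"]]
        s["users"].add(rec["user"])
        s["attempts"] += 1
        if rec["result"] == "OK":
            s["hits"].add(rec["user"])
        else:
            s["fails"] += 1
    findings = {}
    for ip, s in stats.items():
        # Many different mailboxes from one address, mostly failing, is the
        # signature of a leaked-credential list being replayed. A single user
        # mistyping a password, or an office NAT where logins succeed, is not.
        if len(s["users"]) >= min_accounts and s["fails"] / s["attempts"] >= min_fail_ratio:
            findings[ip] = sorted(s["hits"])
    return findings

if __name__ == "__main__":
    for ip, mailboxes in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: reset and review {mailboxes or 'no mailbox reached'}")
```

Mailboxes listed against a flagged address are the ones to reset first; the thresholds need tuning to the size of the firm and its normal login traffic.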

Once they gain access to the victim's email account, the scammers begin watching for any ongoing conversations with clients, especially looking for financial transactions or UPI interactions. They impersonate the CA, crafting messages that appear genuine and soliciting payments or additional sensitive information. To make their messages more convincing, attackers often study typical communication styles of their targets. For instance, they might analyze how a CA usually communicates with clients and replicate that voice to build trust quickly, manipulating clients into believing they are dealing with the actual professional.

Victims of email account takeovers often find themselves in precarious situations. For example, a CA may have their inbox monitored for discussions about project payments, particularly through UPI. One well-documented case involved a Mumbai-based CA whose email was hacked, and clients were tricked into transferring money via UPI payment links sent from the compromised account, amounting to nearly ₹30 lakh lost. Such scams often happen swiftly, where clients are led to believe that payment requests are legitimate, only to discover later that they have fallen prey to a ploy.

The impact of these scams in India is alarming. In one notable survey, it was reported that ₹123 crore was lost to email fraud attempts in a single year, affecting numerous professionals across various sectors. The Ministry of Home Affairs (MHA) has acknowledged such threats, urging citizens to be vigilant and report fraudulent activities. The Reserve Bank of India (RBI) has also reiterated that professionals and businesses should remain alert to potential risks, alongside guidelines issued by the National Payments Corporation of India (NPCI) concerning secure UPI transactions. The Computer Emergency Response Team (CERT-In) has also been issuing advisories regarding heightened cyber fraud risks, including email account takeovers and UPI scams.

Spotting an email account takeover scam versus legitimate communications requires attention to detail. If you receive a request for payment from your CA or another professional via email, verify the details through a call or an alternative communication method. Look out for subtle signs of fraud: unusual language, urgency in requests, or discrepancies in invoice details can indicate that your communication has been compromised. Legitimate professionals generally follow up critical instructions through multiple mediums, including phone calls or verified messaging apps like WhatsApp, reducing the risks associated with unsolicited payment requests.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does CA/Professional Email Account Takeover Target?

General public across India

What To Do If You Encounter CA/Professional Email Account Takeover

  1. Report suspicious emails immediately to cybercrime.gov.in or call the cybercrime helpline at 1930.
  2. Verify any payment requests by contacting the CA directly through their official phone number.
  3. Change your email account password immediately if you suspect any compromise.
  4. Enable two-factor authentication (2FA) on your email accounts for an added layer of security.
  5. Educate your clients about potential scams and advise them to contact you through known channels before making any payments.
  6. Regularly review your email account security settings and update recovery options to prevent unauthorized access.

How to Report CA/Professional Email Account Takeover in India

  • Call 1930 — National Cyber Crime Helpline (24x7)
  • File a complaint at cybercrime.gov.in
  • Contact your bank immediately if money was lost
  • Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?
Immediately contact your bank's customer support; for SBI call 1800-11-1109 and for HDFC dial 1800-202-6161 to report the incident.

How can I identify an email account takeover attempt?
Look for unusual requests for funds, changes in communication style, or unexpected attachments. Always verify through a different channel.

How to report this type of scam in India?
You can report scams to cybercrime.gov.in or call the cybercrime helpline at 1930. Additionally, notify your bank about any unauthorized transactions.

What are the recovery steps after falling victim to this scam?
Immediately change passwords, report to the bank and authorities, and monitor your financial statements closely for any unauthorized transactions.
