CEO WhatsApp Impersonation Scam Strikes Indian Firms

INDIA — By BharatSecure Threat Intelligence Team

Verdict: Suspicious | Risk Score: 9/10 | Severity: critical

Category: UPI, WhatsApp, Phishing

How CEO WhatsApp Impersonation Scam Strikes Indian Firms Works

Overview: The CEO WhatsApp Impersonation Scam is a crafty cyber-attack targeting Indian businesses, especially those where financial approval processes rely on digital communication. Fraudsters act as company leaders—like the CEO or managing director—and send convincing WhatsApp messages to staff, urging them to transfer company funds or reveal sensitive data urgently. These urgent requests often bypass normal checks due to the apparent authority and pressure, leading to large financial losses. Middle managers, finance teams, and even entry-level staff in both small and large firms have become targets in metro cities as well as growing business hubs. This scam is highly dangerous because it leverages internal trust and exploits existing workplace hierarchies to quickly siphon off significant sums.

How It Works:

  1. Attackers first compromise an employee's device or office workstation. This is often done through a phishing email containing a malicious link or attachment.
  2. Once inside, they access any active WhatsApp Web sessions or establish their own, allowing them to send messages from a credible executive profile.
  3. Alternatively, they can hijack the executive’s WhatsApp account or create a believable fake account using publicly available images and information.
  4. The fraudster sends urgent requests, such as instructions to transfer funds or share confidential documents, framing it as time-sensitive and confidential.
  5. The staff member, pressured by the seniority of the sender and the secrecy, rushes the transaction without standard verification.
  6. Funds are then transferred to mule or external accounts, and the fraudsters disappear.

India Angle: Indian scammers leverage popular platforms like WhatsApp due to its near-universal workplace adoption. UPI and IMPS are commonly used for requested transfers. Large business cities—Hyderabad, Bengaluru, Mumbai, and NCR—are frequent targets, particularly among urban professionals, finance or HR personnel, and even startups. Many cases also involve logistics or vendor-related companies, where multiple payment requests are routine and susceptible to manipulation.

Real Examples:

  • "Hi, this is Singh sir. I am in board meeting. Can you send 6.5 lakh urgently to this new vendor? I will explain later, highly confidential. Don’t call, just confirm payment on WhatsApp."
  • "I need to transfer funds for client acquisition before 3pm. Forward to this UPI ID now. I am unavailable for calls."

Red Flags:

  1. A request for urgent payment or information from someone claiming to be the CEO or MD, but refusing to speak on the phone.
  2. The sender insists the transaction is highly confidential and bypasses normal protocols.
  3. WhatsApp messages come from a number that is off by one or two digits, or show a newly created business account.
  4. Instructions include transferring funds to new or unverified accounts/UPI IDs—not normal vendor accounts.
  5. The message arrives unexpectedly and outside standard working hours, increasing urgency.

Protective Measures:

  • Always verify financial or sensitive requests by personally calling the executive on their known official number, not by replying to the same WhatsApp chat.
  • Log out from WhatsApp Web sessions on all office computers after each use. Enable security notifications for new logins.
  • Implement a mandatory dual approval process for all high-value transactions, regardless of urgency.
  • Educate staff regularly about such social engineering tactics through cybersecurity awareness programs.
  • Use strong, unique passwords and multi-factor authentication for internal accounts wherever possible.

If Victimised:

  • Immediately report the incident to your company’s IT or information security team.
  • If funds have already been transferred, contact your bank urgently to initiate a fraud hold.
  • Report the crime on India’s cybercrime helpline 1930 or file a complaint at cybercrime.gov.in.
  • Inform the Reserve Bank of India (RBI) if banking systems are compromised.

Related Scams:

  1. Business Email Compromise (BEC) where payment requests originate from seemingly legitimate company email addresses.
  2. Vendor frauds where someone poses as a regular supplier and asks for payment to a new account.
  3. Executive spoofing through SMS or Telegram, targeting staff with similar tactics on alternative platforms.

This scam can have disastrous consequences if unchecked. Indian businesses must stay alert to communication requests that seem unusual, urgent, and confidential, regardless of who appears to have sent them. Routine verification—not digital messages—should always dictate payments and sensitive disclosures.

How This Scam Works — Detailed Explanation

The CEO WhatsApp Impersonation Scam primarily targets businesses in India where communication and financial approvals are carried out digitally, especially those relying on platforms like WhatsApp. Scammers identify potential victims by researching companies and their hierarchies, often through social media or platforms like LinkedIn. They then create fake accounts that resemble those of the company’s senior management, such as the CEO or HR head. This setup allows fraudsters to send seemingly legitimate messages to employees requesting urgent financial transactions or other sensitive information.

In executing this scam, fraudsters employ a range of psychological tactics designed to instill a sense of urgency and authority. They craft messages that mimic the communication style of the impersonated CEO, often incorporating familiar corporate jargon and addressing employees by name. Furthermore, they might refuse to engage in phone calls, making their requests appear more urgent and integral to business operations. This pressure can lead employees to bypass standard operating procedures, ultimately circumventing the necessary validation steps that would typically prevent such fraudulent activity.

Victims of this scam frequently receive a WhatsApp message late at night or during weekends, requesting an immediate transfer to a new UPI ID that the company has not used before. For example, a finance officer at a medium-sized firm may receive a message claiming to be from their CEO instructing them to transfer ₹10 lakh to a new account due to an 'urgent vendor payment.' Under the false pretense of authority, they could send the funds before verifying the details with the management, leading to significant losses for the company. Once the transaction is completed, the money is often gone in a flash, making recovery nearly impossible.

The real-world impact of such scams in India is alarming. In 2022 alone, Indian businesses reported losses of around ₹150 crore due to various impersonation scams, including the CEO WhatsApp Impersonation Scam. Reports indicate that the Ministry of Home Affairs (MHA), the Reserve Bank of India (RBI), and the cybersecurity agency CERT-In have all raised red flags regarding such scams, emphasizing the increasing vulnerability of companies to cybercrime. These organizations continually work to raise awareness, but the sophistication of scammers keeps evolving, making it critical for businesses to remain vigilant.

To effectively spot this type of scam, employees need to be aware of specific indicators that set apart legitimate communications from fraudulent ones. If a WhatsApp message appears 'off,' by urging secrecy or bypassing normal protocols, it warrants further scrutiny. Watch out for discrepancies, such as slightly altered phone numbers or requests that insist on immediate action but refuse a phone call to clarify. Additionally, if payment instructions involve unfamiliar UPI accounts or any last-minute changes outside regular working hours, employees should treat the communication with skepticism and follow up through verified channels before taking any action.

Who Does CEO WhatsApp Impersonation Scam Strikes Indian Firms Target?

General public across India

Red Flags — How to Identify CEO WhatsApp Impersonation Scam Strikes Indian Firms

  • Urgent WhatsApp message from senior management, refusing phone calls
  • Payment instructions to new or unknown UPI/bank accounts
  • Insistence on secrecy/confidentiality and bypassing normal protocols
  • Slightly altered WhatsApp numbers or newly created profiles
  • Unexpected requests outside working hours
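
The red flags above can be applied as an automated pre-check on any payment request received over chat. The following Python is an added example, not BharatSecure's own tooling; the executive directory number, approved UPI ID, working hours, keyword patterns and sample message are all constructed assumptions.

```python
import re
from datetime import datetime

# All values below are constructed for illustration.
KNOWN_EXEC_NUMBERS = {"+919800000001": "CEO"}   # official company directory
APPROVED_PAYEES = {"acmevendor@okbank"}         # vetted vendor UPI IDs
WORK_HOURS = range(9, 19)                       # 09:00-18:59, Monday-Friday
PRESSURE = re.compile(r"\b(urgent(ly)?|immediately|confidential|right now|now)\b", re.I)
NO_CALL = re.compile(r"(don['’]?t call|unavailable for calls|no calls)", re.I)
UPI_ID = re.compile(r"\b[\w.\-]{2,}@[a-zA-Z]{2,}\b")  # heuristic; also matches e-mail prefixes

def digits(number):
    """Keep only the national 10-digit part so +91 / 0 prefixes do not matter."""
    return re.sub(r"\D", "", number)[-10:]

def near_miss(sender):
    """Return the role whose official number differs from sender by 1-2 digits."""
    s = digits(sender)
    for known, role in KNOWN_EXEC_NUMBERS.items():
        k = digits(known)
        diff = sum(a != b for a, b in zip(s, k))
        if len(s) == len(k) and 1 <= diff <= 2:
            return role
    return None

def red_flags(sender, text, received):
    """Return the list of red flags raised by one chat message."""
    flags = []
    if sender not in KNOWN_EXEC_NUMBERS:
        role = near_miss(sender)
        flags.append(f"lookalike_number:{role}" if role else "unknown_sender")
    if PRESSURE.search(text):
        flags.append("urgency_or_secrecy")
    if NO_CALL.search(text):
        flags.append("refuses_call")
    if any(u.lower() not in APPROVED_PAYEES for u in UPI_ID.findall(text)):
        flags.append("unverified_payee")
    if received.weekday() >= 5 or received.hour not in WORK_HOURS:
        flags.append("outside_working_hours")
    return flags

if __name__ == "__main__":
    # Constructed sample modelled on the example messages quoted in this advisory.
    msg = ("Hi, this is Singh sir. Send 6.5 lakh urgently to newvendor@okbank. "
           "Highly confidential. Don't call, just confirm payment on WhatsApp.")
    print(red_flags("+919800000007", msg, datetime(2024, 6, 8, 22, 30)))
```

An empty result is not proof of legitimacy, because a genuine executive account or WhatsApp Web session can be hijacked; the call-back on a known official number still applies.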

What To Do If You Encounter CEO WhatsApp Impersonation Scam Strikes Indian Firms

  1. Report the incident immediately by calling the cybercrime helpline at 1930 or visiting cybercrime.gov.in.
  2. Verify the authenticity of the message by contacting your senior management through official phone numbers, not through WhatsApp.
  3. Document all communications and transactions related to the incident for future reference.
  4. Contact your bank immediately to inform them of the transaction and request to block any unauthorized activity.
  5. Notify your IT department or cybersecurity team about the impersonation attempt to prevent further incidents.
  6. Educate your team on the signs of such scams to foster a more security-conscious work environment.

How to Report CEO WhatsApp Impersonation Scam Strikes Indian Firms in India

  • Call 1930 — National Cyber Crime Helpline (24x7)
  • File a complaint at cybercrime.gov.in
  • Contact your bank immediately if money was lost
  • Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?
Immediately contact your bank’s helpline (e.g., SBI: 1800-11-1109, HDFC: 1800-202-6161) to report the incident and request to block unauthorized transactions.

How can I identify a CEO WhatsApp impersonation scam?
Look for urgent messages that refuse phone calls, pressure for immediate action, and requests for payment to unfamiliar accounts.

How do I report this type of scam in India?
You can report such scams by calling 1930, visiting cybercrime.gov.in, or informing your bank about the fraudulent activity.

What are the recovery steps after falling victim to this scam?
Contact your bank and request to block further unauthorized transactions, report the incident to authorities for investigation, and seek support from the cyber crime helpline.
