Dual-Channel Business Email Compromise Variant
Verdict: Suspicious | Risk Score: 8/10 | Severity: high
Category: WhatsApp, Phishing
How Dual-Channel Business Email Compromise Variant Works
Overview:
Dual-Channel BEC is a sophisticated scam blending email with follow-up phone, Teams, or chat app contact, making it much harder for businesses to spot. Attackers use both compromised business email accounts and voice calls (often from spoofed Indian numbers) to pressure company staff into transferring funds or updating bank account details. This cross-channel approach increases trust, resulting in higher success rates and potentially multimillion rupee losses per hit.
How It Works:
1. Attackers gain access to a legitimate company executive or vendor email, usually by phishing.
2. After sending a plausible email request for a payment or urgent account update, they call or message the victim to "confirm" the transaction, using Indian-accented VoIP where possible.
3. The caller references specific internal details (from compromised emails) to sound convincing.
4. The victim, reassured by the multi-channel approach, updates payment details or proceeds with a bank transfer to the fraudulent account, trusting the apparent authenticity.
5. Funds are laundered quickly through layered accounts, and the attacker disappears.
India Angle:
This technique is rising among NCR and e-commerce SMEs, exploiting Indian trust in verbal confirmations. Many attackers use local language or English with an Indian accent, and VoIP numbers that match regional codes. Employees in finance and procurement are frequent targets.
Real Examples:
An SME in Delhi receives an email from a supplier requesting a new bank transfer for a large shipment. Within 15 minutes, the finance manager gets a call, “This is Suresh from [Vendor]—did you get our bank update? Please process it today or shipment delays may occur.” The call appears from a Delhi mobile number.
Red Flags:
- Contact by both email and unsolicited call or chat immediately after
- Call voices or numbers match your usual supplier or company area
- Urgent change in banking details, with pressure for same-day payment
- Request to bypass standard finance controls or second-level approvals
- No prior meeting or context for the call’s urgency
Protective Measures:
- Never trust payment changes confirmed only over a call or chat after an email
- Always use another trusted channel (not the reply from the same thread) to confirm with senior management or the actual vendor
- Check the legitimacy of numbers calling for payment verification
- Keep clear records and escalate any suspicious dual-channel payment request
- Train staff to understand newer BEC tactics
If Victimised:
- Attempt to stop or reverse the transaction with your bank immediately
- File a report on cybercrime.gov.in and contact helpline 1930
- Inform procurement/finance and update anti-fraud protocols
Related Scams:
- Fake Tech Support Calls for Payment Change
- WhatsApp Vendor Impersonation Combining Email Requests
- BEC-Enabled Invoice Scams via Microsoft 365
How This Scam Works — Detailed Explanation
The Dual-Channel Business Email Compromise Variant is a sophisticated scam that typically begins with attackers compromising a business email account, often through phishing tactics or malware. Once inside, they gain access to valuable information about internal processes and key employee communications. This setup allows them to impersonate trusted contacts such as suppliers or executives. To initiate the scam, the attackers use the compromised email account to send a payment-related request or update regarding bank account details. This email is usually crafted to appear legitimate, mirroring previous legitimate correspondence. Following the email, the scammer then reaches out via phone, Microsoft Teams, or even WhatsApp, often from spoofed Indian phone numbers, to add credibility to their claims. This method effectively blurs the lines of communication, making it challenging for employees to identify any red flags.
To effectively manipulate their targets, these scammers employ various psychological tactics. The urgency of the request is a key element; they may create a false sense of immediacy by stating that payment needs to be processed urgently or that a new bank account must be activated immediately to avoid disruption in services. They often mimic the voice or mannerisms of a trusted colleague or executive to strengthen their deception. These impersonations are crafted to exploit the existing trust in their communications, which can blindside even the most cautious employees. Additionally, they may reference confidential company information to further impress upon the victim that they are legitimate, making it harder to detect that a scam is underway.
Once the victim is engaged, the steps unfold in a carefully orchestrated manner. After an initial email request, the victim, who may work in finance or accounts, receives a call urging them to transfer funds, often via a quick UPI transaction, to a new account. One example involved an Indian tech firm where an employee was pressured into transferring ₹5 crore within hours based on 'urgent payment instructions' sent via email and followed by a convincing phone call. Such attacks can lead to massive losses for companies, especially small and medium enterprises that may lack robust fraud detection mechanisms.
The real-world impact of these scams in India is significant. In recent months, CERT-In has issued multiple warnings regarding the rise of this scam type, revealing that businesses have collectively lost hundreds of crores to similar schemes. A report from the Ministry of Home Affairs indicated that losses from cyber fraud, including business email compromise, have escalated, causing great concern among financial authorities. The Reserve Bank of India continues to update its guidelines in response to the evolving nature of these threats, insisting on robust corporate governance practices and reporting protocols to mitigate risks.
Distinguishing this scam from legitimate communications is crucial for prevention. Key warning signs include unexpected follow-up calls after payments or requests, particularly when they require immediate action without proper documentation. If the call comes from a number that doesn't match previously known contacts and references sensitive company information that is not typically shared, that's a red flag. Moreover, legitimate payment requests usually go through multiple levels of approval; any request that skips these processes should raise suspicion. Remain vigilant and always cross-verify such requests through multiple channels before executing any financial transfers, especially under time pressure.
Visual Intelligence:
BharatSecure's AI has identified this as a used in scams targeting Indian users.
Who Does Dual-Channel Business Email Compromise Variant Target?
General public across India
Red Flags — How to Identify Dual-Channel Business Email Compromise Variant
- Unexpected call or chat after a payment-related email
- Voice or number mimics trusted supplier or executive
- Same-day urgency for wire or UPI transfer
- Request to bypass standard payment approval or paperwork
- Call or message references confidential company info
What To Do If You Encounter Dual-Channel Business Email Compromise Variant
- Report any suspected scam or fraud to the cybercrime helpline at 1930 or visit cybercrime.gov.in.
- Verify any unexpected payment instructions via a different communication channel — call back on a known number.
- Notify your bank immediately, using helplines like SBI 1800-11-1109 or HDFC 1800-202-6161, to suspend any unauthorized transactions.
- Educate your team about this scam type to ensure everyone understands the dangers of dual-channel BEC.
- Implement robust payment approval processes that require verification from multiple stakeholders within the company.
- Train employees to recognize signs of phishing and impersonation attempts in both emails and calls.
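The call-back and multi-approver steps above can be enforced as a release gate on bank-detail changes. The following is an added example, not code from BharatSecure; the vendor ID, phone number, staff names and the two-approver threshold are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed vendor master: contact numbers recorded before any change request arrived.
VENDOR_MASTER = {"V-1001": {"phones_on_file": {"+910000000001"}}}

@dataclass
class Contact:
    direction: str  # "outbound" = finance dialled out, "inbound" = they contacted us
    channel: str    # "email", "phone", "teams", "whatsapp"
    number: str     # number dialled, or caller ID shown (caller ID can be spoofed)

@dataclass
class BankChangeRequest:
    vendor_id: str
    requested_by: str                  # staff member who keyed in the change
    request_channel: str               # channel the original request arrived on
    contacts: list = field(default_factory=list)
    approvers: set = field(default_factory=set)

def release_decision(req):
    """Return (allowed, reasons); the change is held unless every control passes."""
    vendor = VENDOR_MASTER.get(req.vendor_id)
    if vendor is None:
        return False, ["vendor not in master file"]
    reasons = []
    # An inbound call or chat that "confirms" the email is the attacker's second
    # channel. Only a callback we place to a number already on file counts.
    verified = [c for c in req.contacts
                if c.direction == "outbound"
                and c.channel != req.request_channel
                and c.number in vendor["phones_on_file"]]
    if not verified:
        reasons.append("no outbound callback to a number on file")
    if len(req.approvers - {req.requested_by}) < 2:
        reasons.append("fewer than two approvers other than the requester")
    return not reasons, reasons

# Constructed cases. 1: email plus an inbound call whose caller ID matches the vendor.
spoofed = BankChangeRequest("V-1001", "clerk", "email",
    [Contact("inbound", "phone", "+910000000001")], {"clerk", "manager"})
# 2: finance called the number on file and two other people approved.
verified_ok = BankChangeRequest("V-1001", "clerk", "email",
    [Contact("outbound", "phone", "+910000000001")], {"manager", "cfo"})

if __name__ == "__main__":
    for case in (spoofed, verified_ok):
        print(release_decision(case))
```

The first case is held even though the caller ID matches the vendor's number, because the gate looks at who placed the call, not at the number displayed.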
How to Report Dual-Channel Business Email Compromise Variant in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What should I do if I shared my bank account details in a scam?
  Immediately contact your bank's helpline (SBI 1800-11-1109) to report the matter and freeze your account. Additionally, report to 1930 for further assistance.
- How can I identify if I'm being targeted by a dual-channel BEC?
  Look for unexpected follow-up calls or messages after payment requests, especially if they push for urgency and bypass standard procedures.
- How do I report a dual-channel BEC scam in India?
  Report any such incidents to the cybercrime helpline at 1930, or file a complaint at cybercrime.gov.in for further investigation.
- What steps should I take to protect my bank account after being scammed?
  Change your online banking passwords immediately, activate alerts for transactions, and notify your bank of any unauthorized activity for monitoring.