Email Spoofing Supplier Payment Scam

Scam Intelligence: Email Spoofing Supplier Payment Scam

Proprietary signals from BharatSecure's scam-tracking database.

How Email Spoofing Supplier Payment Scam Works

Overview: The Email Spoofing Supplier Payment Scam targets Indian businesses by exploiting trust in regular supplier relationships. Fraudsters impersonate genuine overseas or domestic suppliers by manipulating email address[ADDRESS_REDACTED]. The result is deceptive invoices and fake bank details, leading to significant losses if payments are made to fraudulent accounts. Exporters, importers, engineering firms, and companies dealing with international partners are most at risk. This scam not only causes financial damage but can also harm hard-earned supplier relationships and disrupt operations. How It Works: Scammers first study the email correspondence between a business and its suppliers, often by hacking into one side’s network or monitoring leaked credentials. Using lookalike domains or subtle changes in the email address[ADDRESS_REDACTED]. They send revised invoices or payment reminders, requesting that funds be diverted to a new, supposedly valid bank account, often citing reasons like 'company audit' or 'banking changes.' Victims, trusting the familiar sender, transfer funds without secondary verification. Realisation of the scam only occurs when the actual supplier follows up on non-receipt of funds. India Angle: This pattern is increasingly seen in India’s export hubs — Mumbai, Pune, Chennai, and Ahmedabad — where firms often transact with global suppliers over email. Attackers know Indian companies can be less vigilant with overseas payment requests, especially those written in professional English. The scam exploits the lack of strong two-way verification, especially in mid-sized firms pressed for time and reputation. Real Examples: A Pune engineering company received an official-looking email: “Dear Sir, due to new US compliance, our bank details have changed. Please make all future payments to the attached account statement. The shipment is scheduled after payment.” Another victim described an email chain where only one letter of the domain name differed from the real supplier’s email address. Red Flags: - New or slightly altered supplier email addresses - Sudden instructions to use new overseas bank accounts for payment - Unverified payment requests embedded in familiar email threads - Unwillingness to confirm details through other channels - No prior phone call or verification of payment changes Protective Measures: Always double-check bank details of suppliers by contacting known personnel via phone or official lines. Look up the exact email address [ADDRESS_REDACTED]. Use digital signatures or approved file formats for sensitive invoices. Employ dual authorization for high-value overseas transfers. Periodically review email security settings and educate staff on common email spoofing tactics. If Victimised: Immediately contact your bank to try and halt or recall the transfer. Inform your true supplier urgently. Report the incident to 1930, cybercrime.gov.in, and your local police as well as, if relevant, the RBI for cross-border payment fraud. Preserve all email correspondence and document the fraudulent domain for the investigation. Related Scams: Close relatives include BEC (Business Email Compromise) scams, Invoice Redirection Fraud, and Payment Diversion Attacks, all leveraging email manipulation to trick businesses into wiring funds.

How This Scam Works — Detailed Explanation

The Email Spoofing Supplier Payment Scam preys on the trust established in regular supplier relationships, particularly affecting importers and exporters in India. Scammers use sophisticated methods to make their fraudulent communications appear genuine. They often replicate the email address of a legitimate supplier by altering a few characters, which can easily go unnoticed. For example, they might change a letter or add a number to the domain name. Once they have created a convincing email address, they send out fake invoices that often mirror past communications, making them seem authentic.

Victims usually receive an email requesting payment for goods or services that appear to match their regular orders. In these emails, the impostor may provide updated bank account details, often instructing the victim to pay into foreign accounts to avoid detection. This tactic exploits the chaos of ongoing business operations, where an entrepreneur may not double-check invoices against previous payments, especially under time pressure. Furthermore, scammers may engage in electronic conversations via platforms like WhatsApp after sending these emails, further solidifying their fabricated identities.

The repercussions of this scam can be significant, resulting in substantial financial losses for businesses that fall victim to it. Once the money is sent to the fraudster's account, it can be challenging to track down, especially if the accounts are located overseas. Many businesses find themselves in a difficult situation where they have no tangible goods or services in return for their payments. Furthermore, the psychological toll on victims, compounded by the fear of losing credibility with genuine suppliers, adds to the stress.

To navigate this complex problem, businesses must stay alert and educated about the possible discrepancies in email communications. They should understand that even small changes in an email address can indicate potential fraud. By knowing the red flags and implementing protective measures, Indian businesses can protect themselves from the devastating effects of such scams.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Email Spoofing Supplier Payment Scam Target?

General public across India

Red Flags — How to Identify Email Spoofing Supplier Payment Scam

• Supplier email domains show minor spelling differences
• Unusual requests for payment to unfamiliar foreign bank accounts
• Payment changes announced without direct phone confirmation
• Email language imitates previous threads but feels slightly off
• No follow-up via other trusted channels for big transactions

What To Do If You Encounter Email Spoofing Supplier Payment Scam

1. Call your supplier directly using previously verified contact details to confirm the invoice before making any payment.
2. Report the incident to the Cyber Crime Cell in your region if you suspect you have been targeted by this scam.
3. Consult your bank immediately if you have processed a payment to an unfamiliar account; they may be able to help you recover lost funds.
4. Educate your team about recognizing phishing emails to prevent future scams from affecting your business.
5. Use two-factor authentication for all business email accounts to add an additional layer of security.

How to Report Email Spoofing Supplier Payment Scam in India

• Call 1930 — National Cyber Crime Helpline (24x7)
• File a complaint at cybercrime.gov.in
• Contact your bank immediately if money was lost
• Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What is Email Spoofing Supplier Payment Scam?

Email Spoofing Supplier Payment Scam is a reported government impersonation scam that BharatSecure has documented as affecting Indian users. Fraudsters use it to trick victims into sharing money, OTPs, or personal and banking details. It currently carries a risk rating of 9/10 (Critical).

Is Email Spoofing Supplier Payment Scam dangerous, and how common is it in India?

Yes. This scam is rated Critical severity (9/10) because it can lead to direct financial loss or identity theft. It spreads through SMS, WhatsApp, phone calls, and fake websites, and variants are reported across India throughout the year. Treat any unexpected message or call matching this pattern as suspicious until verified.

How can I protect myself from Email Spoofing Supplier Payment Scam?

Call your supplier directly using previously verified contact details to confirm the invoice before making any payment. Report the incident to the Cyber Crime Cell in your region if you suspect you have been targeted by this scam. Consult your bank immediately if you have processed a payment to an unfamiliar account; they may be able to help you recover lost funds. Educate your team about recognizing phishing emails to prevent future scams from affecting your business. Never share OTPs, UPI PINs, card numbers, or passwords; verify any request independently using official numbers from the company's real website; and avoid clicking links in unsolicited messages.

How do I report Email Spoofing Supplier Payment Scam in India?

Call 1930 (the National Cyber Crime Helpline) within 24 hours for the best chance of recovering funds, and file a complaint at cybercrime.gov.in with screenshots and transaction details. Notify your bank's fraud team to freeze transactions, and report the suspect UPI ID or phone number to BharatSecure so other users can be warned.

Related Scams in India

• Agent-Led Fake Overseas Job Trafficking
• Agent-Led Human Trafficking for Cybercrime
• CBI Investigation Tax Demand Scam
• Compounded Forced Labor and Confinement Scam
• Contact Blackmail via Morphed Photos

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.