What to do if I shared my OTP in a UPI scam?

Immediately contact your bank's customer care, such as SBI at 1800-11-1109 or HDFC at 1800-202-6161, and report the OTP sharing. Follow their advice on securing your account.

How do I report this type of scam in India?

You can report such scams to the Cybercrime Helpline at 1930, visit cybercrime.gov.in, or directly report to your bank's fraud department.

What steps can I take to recover money after falling victim to this scam?

Contact your bank immediately to execute a fund halt if possible. You should also file a police report and report the scam to the Cybercrime Helpline.

Executive Email-to-WhatsApp Escalation Scam

INDIA — By BharatSecure Threat Intelligence Team · Updated May 27, 2026

Verdict: Suspicious | Risk Score: 8/10 | Severity: high

Category: UPI, WhatsApp, Phishing

How Executive Email-to-WhatsApp Escalation Scam Works

Overview: In this pattern, scammers first approach an Indian company staff member by email, appearing as the CEO, MD, or other top executive. After a brief email exchange that builds trust, they switch channels and request to continue the urgent discussion on WhatsApp. This escalation creates urgency and decreases suspicion, making it more likely the victim will act without standard corporate verification. How It Works: 1. Scammers research the organisation and send a phishing or spoofed email to the accounts department, posing as a top executive. 2. The email claims there is a critical business matter, late-night deal, or sensitive partnership that needs urgent handling. 3. After establishing credibility, the scammer requests to shift the conversation to WhatsApp for 'convenience' or 'confidentiality'. 4. Over WhatsApp, the impersonator pushes for an immediate fund transfer, sometimes sharing new vendor account details or UPI IDs. 5. The victim, now under pressure from what appears to be a trusted leader, may execute the transfer without the usual checks. India Angle: Widely seen in larger Indian firms and startups in metros where key decisions may be made after hours, and emails from leadership are often accepted at face value. The scam often takes advantage of national holidays, weekends, or quarter ends when regular checks might be skipped. Both English and Hindi variants are common. Real Examples: - “Dear Suresh, I need your support on a confidential matter. Let’s move this chat to WhatsApp, I’ll explain there.” - “This deal is time-sensitive—transfer 3 lakh to this new account ASAP. Do not involve others, details attached.” - “Please handle with utmost secrecy. Share the transfer screenshot on WhatsApp.” Red Flags: 1. Payment or financial instruction by email from management, with a request to move to WhatsApp 2. Pushed secrecy around the transaction 3. Instruction to use new bank details that have not been verified previously 4. Messaging late in the evening or on holidays Protective Measures: - Verify all changes in payment processes with a direct call to the concerned executive, using official company contact details - Insist on following standard protocols for all payments, regardless of urgency - Inform all staff to question any shift from official emails to WhatsApp for confidential or urgent matters If Victimised: - Contact 1930 immediately and attempt to halt the fund transfer - Report the incident on the cybercrime.gov.in portal - Inform company management and cybersecurity team promptly Related Scams: - Vendor email compromise, where payments are diverted to fraudulent accounts - Phishing scams targeting both executives and staff - UPI fraud posing as trusted insiders

How This Scam Works — Detailed Explanation

The Executive Email-to-WhatsApp Escalation Scam begins with scammers conducting thorough research on target companies. They utilize social media platforms like LinkedIn to gather information about company structure, executive names, and internal communication styles. Once they have enough insights, a phishing email is sent to an employee, impersonating a top-level executive, such as the CEO or Managing Director. The email often contains familiar phrases or business jargon to build trust and set an authoritative tone. Through this initial contact, the scammers aim to create a sense of legitimacy that makes the employee more susceptible to further manipulation.

As the email exchange progresses, the scammers apply psychological tactics to create a sense of urgency and secrecy. They might stress the need for confidentiality and suggest that the discussion surrounding an important payment must be expedited. Communication techniques play a key role here; they may send follow-up emails that emphasize tight deadlines and highlight the potential negative consequences of delays. In many cases, the request is made to switch the conversation to WhatsApp, where the scammer hopes to further upscale the urgency and bypass normal verification processes that might occur in the corporate email system. It feels more personal and less formal, reducing the employee's skepticism toward the requests being made.

When a victim engages with the scammer, they often receive directives to complete urgent transactions. For instance, they may be manipulated into creating a UPI payment to an unfamiliar account, which can range from several lakhs to crores. A case reported in Maharashtra involved an employee who lost ₹25 lakhs after being coerced into an impromptu payment scheme during a supposed weekend emergency. The scammer uses WhatsApp to provide instant responses that make it appear as if they are accessible and genuine. The victim’s trust grows as the scammer continues to craft realistic scenarios that align with their corporate responsibilities.

The impact of these scams extends beyond financial loss; they shake the confidence of businesses and put them at operational risk. According to reports, these types of scams have led to billions in losses across India, with stakeholders from various sectors being affected. The Ministry of Home Affairs (MHA) and the Reserve Bank of India (RBI) categorize these incidents under high-severity cyber fraud, warning financial institutions to enhance security measures. CERT-In has also issued advisories to heighten vigilance among companies about these specific scams, as awareness is crucial for mitigation. Victims of such scams often find themselves not just financially drained but also dealing with the psychological aftermath of deceit.

To help individuals and businesses identify the Executive Email-to-WhatsApp Escalation Scam, awareness of common red flags is vital. Legitimate communications from executives will typically maintain a degree of formality, especially in financial dealings. If a management request for a financial transaction seems to come with an unusual pressure to move quickly or switch communication platforms, it should raise alarm bells. Additionally, unusual requests for secrecy, especially around monetary issues, are indicative of this scam pattern. Understanding these differentiators can empower employees to question authenticity and take precautionary steps, preventing potential financial disaster.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Executive Email-to-WhatsApp Escalation Scam Target?

General public across India

Red Flags — How to Identify Executive Email-to-WhatsApp Escalation Scam

Management asks to move payment talks from email to WhatsApp
Tight secrecy and confidentiality stressed
Urgent money requests to new accounts
Odd communication timing (late night, holidays)

What To Do If You Encounter Executive Email-to-WhatsApp Escalation Scam

Report the incident immediately to the Cybercrime Helpline at 1930 or at cybercrime.gov.in.
Inform your bank about the suspicious transaction to block any further movements.
Verify all financial requests through traditional communication channels before acting.
Change the passwords of your official email account and related financial apps.
Educate your team on cyber threats, focusing on recognizing phishing and social engineering tactics.
Consider implementing multi-factor authentication on both email and banking apps for added security.

How to Report Executive Email-to-WhatsApp Escalation Scam in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?: Immediately contact your bank's customer care, such as SBI at 1800-11-1109 or HDFC at 1800-202-6161, and report the OTP sharing. Follow their advice on securing your account.
How can I identify the Executive Email-to-WhatsApp Escalation Scam?: Look for urgent payment requests, requests to switch to WhatsApp from email, and communications stressing secrecy. Always verify the source.
How do I report this type of scam in India?: You can report such scams to the Cybercrime Helpline at 1930, visit cybercrime.gov.in, or directly report to your bank's fraud department.
What steps can I take to recover money after falling victim to this scam?: Contact your bank immediately to execute a fund halt if possible. You should also file a police report and report the scam to the Cybercrime Helpline.

Related Scams in India

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.