How to protect yourself from Fake M&A Broker Executive Phishing Scam?

Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared

Fake M&A Broker Executive Phishing Scam

Verdict: Suspicious | Risk Score: 8/10 | Severity: high

Category: WhatsApp, Job, Phishing

How Fake M&A Broker Executive Phishing Scam Works

Overview: The Fake M&A (Merger & Acquisition) Broker Executive Phishing Scam targets medium and large Indian IT, finance, and retail companies, particularly those with revenues above ₹400 crore. Scammers impersonate international business brokers or investors interested in buying or merging with Indian firms. By exploiting the trust and urgency around lucrative business deals, attackers can gain privileged access to a company’s systems, often paving the way for massive data theft or ransomware attacks. This scam is especially dangerous because it involves senior executives—whose stolen credentials put the entire organisation at risk. How It Works: 1. Scammers gather intel on mid-to-large Indian companies, identifying likely targets (often CEOs or finance heads). 2. They send persuasive emails or LinkedIn messages from forged or compromised accounts, pretending to be foreign investors or M&A consultants interested in a sale, partnership, or merger. 3. Victims receive attached 'confidential files' (NDAs, financial docs) or links titled 'Virtual Data Room' for due diligence. These carry hidden malware designed to collect passwords or install remote access tools. 4. Once installed, the malware steals credentials, providing hackers with access to the company’s internal network (often via RDP, Citrix, or VPN). 5. Within weeks, the attacker either sells that access on underground forums or uses it as a launchpad for ransomware. India Angle: This scam adapts well to the Indian business scene, often exploiting the popularity of WhatsApp for business correspondence and targeting sectors with large IT teams. Attacks are concentrated in metro cities (Mumbai, Bengaluru, Delhi-NCR) but increasingly target Tier 2 cities expanding their tech footprint. Senior management, finance departments, and IT admins are commonly targeted since their compromised accounts can unlock key systems. Communication is sometimes delivered via WhatsApp, Telegram, or even phone calls, using a mix of English and local languages. Real Examples: - A fictitious message received by an Indian finance head on LinkedIn: “Dear Sir, our London-based firm is interested in acquiring leading digital service companies in India. Please review the attached confidential NDA and data room link to start the process.” - CEO gets a WhatsApp audio call from a 'Singapore investor' urging urgent document upload to a link for 'due diligence'. Red Flags: - Unsolicited approach from foreign investment firms or brokers, especially via LinkedIn or Telegram. - Attachments or links labelled as 'NDAs' or 'virtual data rooms' that request credentials or downloads. - Pressure to respond quickly and not involve lawyers or local management. - Requests for advanced fees, wire transfers, or sharing remote network access details. - Poorly written or generic emails mixing Indian and foreign names. Protective Measures: - Train executives and finance staff to independently verify such offers through official channels (not clicking emailed links). - Enable Multi-Factor Authentication (MFA) on all remote access tools (VPN, Citrix, RDP). - Only open M&A documents via secure, verified data rooms. - Regularly update and patch remote access software to close known vulnerabilities. - Use email and endpoint security systems that scan attachments and links for malware. If Victimised: - Immediately disconnect compromised accounts; reset all passwords. - Contact your IT security team to preserve email logs and network activity. - Report incidents to the Indian Cyber Crime Helpline (1930), cybercrime.gov.in, and the RBI if financial data is at risk. - Notify CERT-In for domain admin or network-level breaches. Related Scams: - 'Fake Executive Payroll Update Scam' where fraudsters impersonate C-suite staff to get HR to change salary payment details. - 'Business Email Compromise' (BEC) targeting procurement teams with fake supplier payment requests. - 'Remote Job Offer Phishing' mimicking MNCs offering Indian employees work-from-home jobs to harvest business credentials.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Fake M&A Broker Executive Phishing Scam Target?

General public across India

Red Flags — How to Identify Fake M&A Broker Executive Phishing Scam

Unsolicited acquisition or merger offers from foreign brokers
Requests to urgently download or fill NDA/data room links
Attachments or links demanding business login credentials
Demands for advanced payments to overseas accounts
Rushed timelines with instructions not to consult colleagues

What To Do If You Encounter Fake M&A Broker Executive Phishing Scam

Do not click any links or share personal information
Block and report the sender immediately
Report at cybercrime.gov.in or call 1930
Inform your bank if financial details were shared

How to Report Fake M&A Broker Executive Phishing Scam in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What is Fake M&A Broker Executive Phishing Scam?: Overview: The Fake M&A (Merger & Acquisition) Broker Executive Phishing Scam targets medium and large Indian IT, finance, and retail companies, particularly those with revenues above ₹400 crore. Scammers impersonate international business brokers or investors interested in buying or merging with Indian firms. By exploiting the trust and urgency around lucrative business deals, attackers can gain privileged access to a company’s systems, often paving the way for massive data theft or ransomware a
How does Fake M&A Broker Executive Phishing Scam work?: Overview: The Fake M&A (Merger & Acquisition) Broker Executive Phishing Scam targets medium and large Indian IT, finance, and retail companies, particularly those with revenues above ₹400 crore. Scammers impersonate international business brokers or investors interested in buying or merging with Indian firms. By exploiting the trust and urgency around lucrative business deals, attackers can gain p
How to protect yourself from Fake M&A Broker Executive Phishing Scam?: Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared
How to report Fake M&A Broker Executive Phishing Scam in India?: Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.