Hybrid Email to Deepfake Call Scam
Verdict: Suspicious | Risk Score: 8/10 | Severity: high
Category: Fraud
How Hybrid Email to Deepfake Call Scam Works
Overview: This elaborate scam begins with a legitimate-looking business email about a routine or upcoming payment. When the recipient seeks clarification, the attackers escalate to a convincing voice or video call—using deepfake technology to impersonate senior management. The aim is to pressure employees into changing bank details or sending immediate payments to fraudulent accounts. Indian companies are increasingly falling victim as scammers combine digital deception with emotionally manipulative tactics.
How It Works:
1. Victim receives a spoofed email (often from a domain similar to the company’s) about an ongoing invoice, vendor change, or payment issue.
2. If the victim replies or hesitates, they get a call, audio or video, featuring an AI-generated voice and/or face of a top executive.
3. The imposter creates urgency, referencing actual business actions or deals to appear credible.
4. The victim is hurried into making a transfer or updating account details, supposedly to avoid major business losses.
5. Funds are then siphoned off to the criminal network.
India Angle: This scam has grown in India’s urban corporate circles, targeting mid-level finance and admin staff in sectors like IT, manufacturing, and e-commerce. Attackers often use English or Hindi and focus on workers in Delhi, Bengaluru, Pune, and emerging tech hubs.
Real Examples: An admin at a Pune manufacturing firm receives an email seemingly from the CFO: “Vendor bank details have changed, process payment by end of day, new account attached.” Minutes later, an urgent call follows: “I’m sending this from my new official account – trust me, it’s urgent. Please don’t delay.”
Red Flags:
- Email sender address [ADDRESS_REDACTED]
- Payment instructions trigger a follow-up call for ‘confirmation’
- Sudden changes to long-standing vendor bank information
- Urgency and references to real upcoming deals or payments
- Requests not to use regular official channels for confirmation
Protective Measures:
- Always compare sender email address [ADDRESS_REDACTED].
- Never trust new account details or payment updates without secondary confirmation from official contacts.
- Rigorously follow dual-verification before processing bank changes.
- Look out for sudden urgency in emails, with calls following soon after.
If Victimised:
- Contact your bank for an immediate stop.
- Report to cybercrime.gov.in and the 1930 helpline.
- Forward suspicious emails and call details to the IT and security team for investigation.
Related Scams: Vendor Payment Diversion and Classic Business Email Compromise with fake invoices.
How This Scam Works — Detailed Explanation
The Hybrid Email to Deepfake Call Scam is a sophisticated form of fraud that begins with attackers collecting data on potential victims through various online platforms and business directories. Scammers often start by monitoring corporate communications through social media, LinkedIn, or even data breaches. Using this intelligence, they establish a sense of legitimacy by creating an email that mimics the style and tone of real business communication. These emails usually contain requests for payment updates or changes to vendor information, often using slightly altered sender domains to appear authentic. Once trust is gained, scammers further manipulate the situation by making a phone call using advanced deepfake technology that replicates the voice or image of a company executive or senior management figure, making it seem as if the communication is legitimate.
The tactical execution of the Hybrid Email to Deepfake Call Scam involves several levels of psychological manipulation. After sending out the carefully crafted email, scammers wait for a response. When the victim seeks clarification, the scammer escalates the interaction by making a phone call, often posing as an executive whose voice and appearance have been artificially recreated. This adds a layer of apparent legitimacy to the scam. The pressure is usually applied during the call, with the scammer urging the victim to quickly change payment details or send funds to what are actually fraudulent accounts. This urgency is designed to keep the victim from consulting anyone else, for fear of missing a crucial deadline, and so bypasses the systemic safeguards that could otherwise thwart the fraud.
Victims of this scam may experience a series of alarming events that unfold rapidly. For example, an employee at an Indian IT company might receive an email requesting an update on a payment to a vendor. After the employee responds, they receive a phone call from someone who sounds convincingly like their CEO. This impersonator, using deepfake technology, pressures them into changing the bank details of a long-time vendor. Under immense psychological pressure, the employee may agree and initiate a payment via UPI or bank transfer before the deception is fully realized. Such attacks are not uncommon, with cases reported across sectors; for instance, a large manufacturing firm in India recently lost ₹15 crore due to a similar scam that combined email phishing and deepfake technology.
The financial impact of the Hybrid Email to Deepfake Call Scam is alarming. According to statistics from the Ministry of Home Affairs (MHA), scam-related losses in India have risen sharply, with reports indicating that ₹10,000 crore was lost to various cyber scams in the past year alone. Banks like SBI and HDFC have also reported an increase in such fraud cases, underlining the critical need for awareness. Regulatory bodies like the Reserve Bank of India (RBI) and CERT-In have begun releasing advisories urging businesses to increase training and awareness around identifying such scams as part of their cybersecurity measures. The tightening of guidelines for KYC processes, including Aadhaar verification and bank communications, highlights how vital it is for both companies and individuals to stay informed.
To differentiate between a legitimate communication and a scam, remain vigilant and follow certain checks. Start by verifying email addresses, which can often be slightly altered. A legitimate communication should align with official company channels. If you receive an email requesting immediate action, take a moment to reach out to the sender through known communication tools such as a company phone number or service portal. Additionally, always verify changes via a secondary discussion with leadership or finance teams, as many scams rely on impromptu decisions. Under no circumstances should one feel rushed to confirm personal or financial details over a call, regardless of how convincing the caller may sound.
Who Does Hybrid Email to Deepfake Call Scam Target?
General public across India
Red Flags — How to Identify Hybrid Email to Deepfake Call Scam
- Payment update emails followed by urgent calls
- Slightly altered sender domains
- Pressure to change long-time vendor payment details
- Refusal to confirm via official communication tools
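One way to check inbound mail for the red flags listed above, added here as an example and not taken from this page or from BharatSecure: it flags a sender domain that closely resembles a trusted one, and body text that combines a bank-detail change with urgency. The trusted-domain list, keyword patterns, two-edit threshold and the sample sender domain are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: domains this organisation really exchanges payment mail with (constructed).
TRUSTED_DOMAINS = ("acme-industries.example", "vendorparts.example")
# Digit-for-letter swaps that make an altered domain look right at a glance.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
BANK_TERMS = re.compile(r"\b(bank details|account|ifsc|beneficiary)\b", re.I)
CHANGE_TERMS = re.compile(r"\b(changed?|updated?|new)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|end of day|asap|don.?t delay)\b", re.I)

def skeleton(domain):
    """Collapse common visual substitutions (digits, 'rn' for 'm', 'vv' for 'w')."""
    return domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, else None."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return None  # exact match: this is the real sender domain
    for trusted in TRUSTED_DOMAINS:
        # Threshold of 2 edits is an assumption; tighten it for short domains.
        if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 2:
            return trusted
    return None

def triage(from_header, body):
    """List the red flags from this page that a single email exhibits."""
    flags = []
    domain = parseaddr(from_header)[1].rpartition("@")[2]
    imitated = lookalike_of(domain)
    if imitated:
        flags.append("lookalike-domain:" + imitated)
    if BANK_TERMS.search(body) and CHANGE_TERMS.search(body):
        flags.append("bank-detail-change")
    if URGENCY.search(body):
        flags.append("urgency")
    return flags

# Constructed sample: the CFO message quoted on this page, sent from an altered domain.
SAMPLE = ("CFO <cfo@acme-lndustries.example>",
          "Vendor bank details have changed, process payment by end of day, new account attached.")
```

Any returned flag is a reason to hold the payment change until it has been confirmed through a known contact on an official channel.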
What To Do If You Encounter Hybrid Email to Deepfake Call Scam
- Report the incident immediately at 1930 or visit cybercrime.gov.in for guidance.
- Verify any payment requests by contacting your finance department directly using known contacts.
- Check the sender's email address for slight alterations that indicate phishing attempts.
- Never rush to make payment changes without multiple confirmations through official channels.
- Educate coworkers about this type of scam and the importance of skepticism.
- Consider implementing security training and awareness programs for all employees.
How to Report Hybrid Email to Deepfake Call Scam in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What should I do if I shared my OTP in a fraud scam?
  Immediately report the incident to your bank's helpline (SBI 1800-11-1109, HDFC 1800-202-6161) and change your passwords. You should also contact CERT-In or visit cybercrime.gov.in.
- How do I identify Hybrid Email to Deepfake Call Scam?
  Look out for payment update emails followed by urgent calls, sender domains that appear slightly altered, and pressure to change long-standing vendor details.
- How do I report this type of scam in India?
  You can report at 1930 or visit cybercrime.gov.in. Additionally, notify your bank immediately and file an FIR if necessary.
- How can I recover money or protect accounts after this scam?
  Contact your bank's fraud department to report the loss. They can guide you through the recovery process and advise on securing your accounts.