How to protect yourself from M&A/Legal Invoice Email Scam?

Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared

M&A/Legal Invoice Email Scam

Verdict: Suspicious | Risk Score: 9/10 | Severity: critical

Category: Phishing

How M&A/Legal Invoice Email Scam Works

Overview: The M&A or Legal Invoice BEC scam preys on Indian companies engaged in high-value deals like mergers, acquisitions, or litigations. Attackers pose as external legal counsel or deal consultants, sending seemingly 'confidential' emails convincing employees to transfer large sums—often exceeding ₹1 crore—into fraudulent accounts under the guise of escrow, settlement, or legal fees. The financial and reputational impact can devastate companies who fall for these sophisticated, highly-targeted frauds. How It Works: Fraudsters monitor public corporate news and gather insider details via data leaks or phishing. They then craft persuasive emails from lookalike domains (e.g., lawfirm.co.in instead of .com) and pressure employees with confidentiality clauses, warning not to discuss the matter. Payment instructions lead to mule accounts in India or abroad, created with fake documents and routed through shell companies. Funds may disappear overseas within hours, making recovery difficult. India Angle: Indian firms in Mumbai, Bengaluru, and Delhi are frequent targets due to frequent legal activity and cross-border transactions. English-speaking executives or legal teams are specifically targeted. The scam often references Indian company names, law firms, regulatory jargon, and local bank details. Recent cases show links to multi-state fund-laundering networks supported by corrupt insiders. Real Examples: - "Please urgently remit ₹1.2 crore to the new escrow as per ongoing transaction, strictly confidential. Do not share details." - "This is an important legal settlement—kindly process payment to attached account by today, as per email from our consultant." Red Flags: - Domains mimicking real law firms but with minor differences. - Unusually large, urgent payment requests marked confidential. - Pressure not to discuss the matter internally or seek approvals. - Emails arriving outside regular business hours. Protective Measures: - Always confirm payment instructions for large legal deals by phone or in person. - Involve multiple departments for sign-off on high-value payments. - Enable advanced anti-phishing controls on business email platforms. - Educate staff about lookalike domain tricks. If Victimised: - Inform your bank plus RBI immediately to freeze the transfer. - Lodge a cyber fraud case on cybercrime.gov.in and call 1930. - Seek legal counsel and cooperate fully with authorities. Related Scams: - Fake vendor due diligence schemes. - Email frauds involving forged RBI circulars. - CEO impersonation targeting finance teams.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does M&A/Legal Invoice Email Scam Target?

General public across India

Red Flags — How to Identify M&A/Legal Invoice Email Scam

Use of confidential or secrecy language
High-value transfer requests from new contacts
Email domains slightly differing from known firms
No verbal or alternate channel confirmation allowed

What To Do If You Encounter M&A/Legal Invoice Email Scam

Do not click any links or share personal information
Block and report the sender immediately
Report at cybercrime.gov.in or call 1930
Inform your bank if financial details were shared

How to Report M&A/Legal Invoice Email Scam in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What is M&A/Legal Invoice Email Scam?: Overview: The M&A or Legal Invoice BEC scam preys on Indian companies engaged in high-value deals like mergers, acquisitions, or litigations. Attackers pose as external legal counsel or deal consultants, sending seemingly 'confidential' emails convincing employees to transfer large sums—often exceeding ₹1 crore—into fraudulent accounts under the guise of escrow, settlement, or legal fees. The financial and reputational impact can devastate companies who fall for these sophisticated, highly-targe
How does M&A/Legal Invoice Email Scam work?: Overview: The M&A or Legal Invoice BEC scam preys on Indian companies engaged in high-value deals like mergers, acquisitions, or litigations. Attackers pose as external legal counsel or deal consultants, sending seemingly 'confidential' emails convincing employees to transfer large sums—often exceeding ₹1 crore—into fraudulent accounts under the guise of escrow, settlement, or legal fees. The fina
How to protect yourself from M&A/Legal Invoice Email Scam?: Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared
How to report M&A/Legal Invoice Email Scam in India?: Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.