Multi-Stage Business Email Compromise with Data Theft

Verdict: Suspicious | Risk Score: 8/10 | Severity: high

Category: UPI, Phishing

How Multi-Stage Business Email Compromise with Data Theft Works

Overview: In multi-stage business email compromise (BEC), attackers don’t just engineer a one-time wire fraud—they launch a series of schemes, starting with small solicitations (like gift cards or minor transfers) before escalating to major wire fraud or corporate data theft. Indian companies are especially at risk as attackers blend financial fraud with identity or data compromise, targeting the company’s digital backbone and exposing sensitive payroll or vendor details.

How It Works: The scam starts with a seemingly innocent request from an executive’s compromised or mimicked email account—often for a minor payment or confidential data like payroll files or vendor lists. Once the victim complies, fraudsters gain trust and escalate slowly, eventually demanding multiple payments or aggregating sensitive data for sale on dark web forums. Attackers scour internal emails for company projects and timing, adapting their tone and requests to appear authentic. International mule accounts are often used to siphon off both money and data.

India Angle: Prevalent in the NCR (National Capital Region) and companies with distributed finance teams, this scam often uses Indian intermediaries (UPI mule accounts, telecom numbers from Kerala or Delhi) and exploits familiarity among staff. Enforcement Directorate (ED) reports from 2026 link these attacks to ₹1,000 crore scams routed via Dubai, often involving Indian-origin execs or employees in the money flow chain.

Real Examples:

  • Email: "Only you must know—send 20 Google Play cards for client rewards. Will explain tomorrow."
  • Follow-up: "Now transfer ₹8 lakh to new Singapore vendor for our urgent project. Keep this confidential."

Red Flags:

  • Multiple payments requested over days, increasing in size
  • Requests include both money transfers and sensitive company data
  • Claims everything is confidential, without need for team discussion
  • Remittance accounts frequently change, sometimes international

Protective Measures:

  • Require an explicit call or video confirmation from the executive for all sensitive requests.
  • Never send sensitive HR or vendor data without independent management approval.
  • Track and verify changes in remittance accounts with your bank’s fraud prevention team.
  • Conduct regular awareness sessions for staff on social engineering tactics.

If Victimised:

  • Immediately limit further payments/data sharing and inform IT/security.
  • File a report with cybercrime.gov.in and call 1930.
  • Alert banks, RBI, and, in case of data compromise, notify affected employees/vendors.

Related Scams:

  • Payroll phishing (using fake HR emails to gather salary data)
  • Gift card social engineering frauds
  • Vendor email compromise leading to invoice redirection

How This Scam Works — Detailed Explanation

Scammers typically initiate Multi-Stage Business Email Compromise (BEC) by gathering intelligence on the target business through social media platforms, job portals, or even through spear-phishing emails. They often start by impersonating a high-ranking executive or a trusted vendor via email or messaging platforms like WhatsApp. They might create spoofed email addresses similar to that of legitimate executives, making it difficult for employees to discern the real from the fake. Once the scammers establish an initial connection, they gradually start asking for supposedly harmless requests such as minor transfers or gift cards, which they craft as urgent but low-risk requests.

The tactics employed by these scammers are multi-pronged and geared towards psychological manipulation. They often use a mix of urgency and confidentiality to create a sense of pressure. Phrases like "confidential—don't tell anyone" are common, ensuring that employees feel they must act quickly and without proper checks. By requesting small sums of money like gift cards or small UPI transfers first, the scammer builds trust. After a few successful small transactions, they escalate their demands for larger amounts, sometimes including sensitive company data or payroll information as part of an equally urgent request. This stepwise escalation allows them to maintain control over their victim and creates a false sense of security.

The journey for the victim typically begins with an innocent small request that they fulfill without verifying the source. Once the scammer feels confident, they proceed to request larger sums or sensitive information. For instance, a finance manager might receive a message from what appears to be the CEO asking for immediate funds transfer due to a supposed urgent contract. Initially, the manager may comply with smaller requests. The shock often comes later when larger sums are demanded, or when the scammer asks for bank account details or sensitive employee information. This staged approach puts the victim at risk of massive financial losses, as seen in previous incidents where companies have lost crores through such scams.

The impact of this kind of cyber fraud in India is alarming. According to reports, businesses across different sectors lost approximately ₹700 crore to scams involving Business Email Compromise last year. This growing trend has drawn the attention of key regulatory bodies such as the Reserve Bank of India (RBI) and the Ministry of Home Affairs (MHA), which have both issued guidelines on safeguarding against such attacks. The Computer Emergency Response Team of India (CERT-In) regularly publishes advisories warning businesses about best practices and red flags to look for, emphasizing the critical need for cybersecurity in the digital age.

Identifying these scams can be quite tricky, especially when they mimic legitimate communication. However, certain red flags can help. Look out for frequent changes in payee account details and unusual urgency in requests. If there’s ever a request for confidential information combined with an expectation of secrecy, treat it as suspicious. Also, multiple minor payments before a larger request should raise alarm bells. Always verify the authenticity of any financial ask—legitimate companies will not pressure you to act without thorough checks. If something feels off, trust your instincts and re-confirm with multiple layers of hierarchy within your organization before proceeding.

Who Does Multi-Stage Business Email Compromise with Data Theft Target?

General public across India

Red Flags — How to Identify Multi-Stage Business Email Compromise with Data Theft

  • "Confidential—don't tell anyone" messages
  • Multiple small payments before large ask
  • Requests for both money and sensitive data
  • Frequent changes in payee account details
  • Unusual escalation in request urgency
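
The red flags above, expressed as checks over one sender's sequence of requests. This is an added example, not BharatSecure's own detection logic; the `Request` record, phrase lists, 10x escalation threshold and sample thread are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed phrase lists for illustration; tune them against your own mail.
SECRECY = re.compile(r"confidential|only you must know|don't tell", re.I)
URGENCY = re.compile(r"\burgent|\bimmediately\b|\basap\b", re.I)
DATA = re.compile(r"payroll|vendor list|salary|employee (data|details)", re.I)

@dataclass
class Request:
    day: int           # days since the first message from this sender
    body: str
    amount: int = 0    # value requested in INR, 0 if none
    payee: str = ""    # beneficiary account or UPI ID, "" if none

def red_flags(thread):
    """Return which of the listed red flags appear across one sender's requests."""
    thread = sorted(thread, key=lambda r: r.day)
    flags = set()
    if any(SECRECY.search(r.body) for r in thread):
        flags.add("secrecy")
    amounts = [r.amount for r in thread if r.amount > 0]
    # Small payment first, then a far larger ask (10x is an assumed threshold).
    if len(amounts) >= 2 and max(amounts[1:]) >= 10 * amounts[0]:
        flags.add("small_then_large")
    if amounts and any(DATA.search(r.body) for r in thread):
        flags.add("money_and_data")
    if len({r.payee for r in thread if r.payee}) > 1:
        flags.add("payee_changed")
    urgent = [bool(URGENCY.search(r.body)) for r in thread]
    # Urgency absent in the first request but present in a later one.
    if len(urgent) >= 2 and not urgent[0] and any(urgent[1:]):
        flags.add("urgency_escalation")
    return flags

def needs_callback(thread, threshold=2):
    """Hold the request for voice or video confirmation when flags co-occur."""
    return len(red_flags(thread)) >= threshold

# Constructed thread: first two bodies follow the page's quoted examples;
# amounts, account labels and the third message are invented for the demo.
SAMPLE = [
    Request(0, "Only you must know - send 20 Google Play cards for client "
               "rewards. Will explain tomorrow.", 20000),
    Request(1, "Now transfer 8 lakh to new Singapore vendor for our urgent "
               "project. Keep this confidential.", 800000, "ACCT-SG-001"),
    Request(3, "Vendor changed bank. Send the balance to this account and "
               "email me the payroll file.", 1200000, "ACCT-AE-002"),
]
```

Calling `needs_callback(SAMPLE)` returns `True`; a routine pair of same-payee invoice payments raises no flags.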

What To Do If You Encounter Multi-Stage Business Email Compromise with Data Theft

  1. Report suspicious emails immediately to your IT department or CISO.
  2. Verify all payment requests through a secondary confirmation, often via voice call.
  3. Educate your staff about recognizing BEC red flags.
  4. Secure all communications: use encrypted messaging apps for sensitive information.
  5. Track and log all transactions, especially those linked to confidential requests.
  6. If defrauded, immediately contact the cybercrime helpline at 1930 or visit cybercrime.gov.in.

How to Report Multi-Stage Business Email Compromise with Data Theft in India

  • Call 1930 — National Cyber Crime Helpline (24x7)
  • File a complaint at cybercrime.gov.in
  • Contact your bank immediately if money was lost
  • Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What should I do if I received a suspicious email about a payment?
Do not respond. Contact your IT department and verify the email's source. Report it to the cybercrime helpline at 1930.

How can I identify a Multi-Stage Business Email Compromise?
Look for urgent requests for payments combined with secrecy. Spoofed email addresses and frequent changes in payment details are key indicators.

How do I report a BEC scam in India?
File a report at cybercrime.gov.in or call 1930 for assistance. You may also report the scam to your bank's fraud department.

Can I recover money lost in a Business Email Compromise?
Immediately contact your bank and inform them. If the transaction was made using UPI, report it to NPCI and your bank's helpline for guidance.
