How to protect yourself from Payroll Diversion Business Email Scam?

Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared

Payroll Diversion Business Email Scam

Verdict: Suspicious | Risk Score: 9/10 | Severity: critical

Category: UPI, WhatsApp, Job

How Payroll Diversion Business Email Scam Works

Overview: The Payroll Diversion Business Email Scam is a dangerous form of corporate fraud where scammers trick company staff into redirecting employee salaries to fraudulent accounts. Targeting businesses and their payroll departments, these scams use sophisticated email impersonation tactics to steal entire salary batches, leaving employees unpaid and companies scrambling to recover funds. This scam is particularly risky as it often goes undetected until payday, when missing wages trigger confusion and panic. How It Works: - Scammers first send phishing emails designed to look like internal HR, IT, or payroll communication, urging recipients to log in to a payroll portal for updates. - Once an employee enters their credentials into the fake site, scammers obtain their real login details. - Using these credentials, attackers access genuine payroll systems and change the employees' bank account details to accounts controlled by the scammer or their mules. - Notifications about these changes are often suppressed by the attackers, who may create email rules to filter out alerts. - On payday, salaries are diverted to the fraudulent accounts and quickly withdrawn, sometimes via gift cards or overseas wire transfers. - The scam comes to light only when employees complain about not receiving their pay. India Angle: In India, this scam especially targets IT/service sector firms that process payroll through digital portals. Attackers exploit familiarity with remote work platforms and may mimic messages from HR or payroll teams, especially around common pay dates or during annual hikes. Tactics often leverage local systems—unique payroll descriptors, UPI links, and Aadhaar-based authentication requests. Regions with a concentration of BPO/IT jobs like Bengaluru, Pune, and Hyderabad are more frequently targeted. Young professionals and HR staff accustomed to electronic communications are at increased risk. Real Examples: 1. An HR executive receives an email "from [UPI_REDACTED].in" requiring urgent action to update employee salaries before the next cycle. 2. A WhatsApp message claims to be from the "Finance Team" with a link to an "employee benefit portal," asking staff to verify bank details for a "bonus payout." 3. A video call from a fake senior manager (using deepfake technology) instructs an employee to change deposit information for several people. Red Flags: - Emails or messages asking for urgent payroll updates, often at odd hours or just before payday - Changes to employee bank details requested via unofficial channels (WhatsApp, text) - Suppressed system alerts or unexplained changes in email rules - Requests for sensitive information like Aadhaar, PAN, or OTPs - Salary credit delays with no official communication from verified HR Protective Measures: - Always verify requests to change payroll or bank information by directly calling HR or the requesting manager. - Use multi-factor authentication (MFA) for payroll system access. - Ensure alerts are sent to multiple staff members and not easily suppressed. - Regularly train staff to recognize phishing and social engineering tricks. - Audit changes to banking details in the system frequently, especially before payday. If Victimised: - Immediately inform your department head and IT/security team. - Contact your bank to stop further transfers or freeze suspect accounts. - File a complaint with your local police station, and report the matter to the national cybercrime portal (cybercrime.gov.in) and 1930 helpline. - If the fraud involves UPI or Aadhaar details, contact the RBI ombudsman without delay. Related Scams: - "Digital Arrest" payroll fraud: Scammers posing as police intimidate victims into handing over account access, then redirect salaries. - UPI Refund Diversion: Fake refund messages exploit payroll mistakes to siphon money via UPI links. - Investment App BEC: Fraudsters pretend to offer perks or investments, luring bulk payroll transfers to scam apps.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Payroll Diversion Business Email Scam Target?

General public across India

Red Flags — How to Identify Payroll Diversion Business Email Scam

Urgent requests to update bank details before payday
Emails or WhatsApp messages from unfamiliar HR IDs
Suppressed email/system alerts after access changes
Requests for sensitive information or OTPs via unofficial channels
Video calls with unverified identities discussing payroll

What To Do If You Encounter Payroll Diversion Business Email Scam

Do not click any links or share personal information
Block and report the sender immediately
Report at cybercrime.gov.in or call 1930
Inform your bank if financial details were shared

How to Report Payroll Diversion Business Email Scam in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What is Payroll Diversion Business Email Scam?: Overview: The Payroll Diversion Business Email Scam is a dangerous form of corporate fraud where scammers trick company staff into redirecting employee salaries to fraudulent accounts. Targeting businesses and their payroll departments, these scams use sophisticated email impersonation tactics to steal entire salary batches, leaving employees unpaid and companies scrambling to recover funds. This scam is particularly risky as it often goes undetected until payday, when missing wages trigger con
How does Payroll Diversion Business Email Scam work?: Overview: The Payroll Diversion Business Email Scam is a dangerous form of corporate fraud where scammers trick company staff into redirecting employee salaries to fraudulent accounts. Targeting businesses and their payroll departments, these scams use sophisticated email impersonation tactics to steal entire salary batches, leaving employees unpaid and companies scrambling to recover funds. This
How to protect yourself from Payroll Diversion Business Email Scam?: Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared
How to report Payroll Diversion Business Email Scam in India?: Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.