Payroll Diversion via Business Email Compromise
Verdict: Suspicious | Risk Score: 7/10 | Severity: high
Category: UPI, WhatsApp, Phishing
How Payroll Diversion via Business Email Compromise Works
Overview:
Payroll diversion is a scam where fraudsters masquerade as employees or HR managers, convincing Indian business owners to divert salary payments to fake accounts. It exploits insecure business processes and often uses hacked or spoofed company emails to send fraudulent instructions. Payroll staff and small business owners are especially at risk due to lack of strong verification protocols.
How It Works:
1. Scammers compromise an employee or HR email account, or create a lookalike.
2. Payroll or accounts teams receive an urgent request to update salary payment details with a new bank account, citing reasons like 'bank closure' or 'urgent medical need.'
3. Salary funds are transferred to a fraudster’s account rather than the legitimate employee’s.
4. By payroll reconciliation, the scammer has already emptied the account and vanished.
India Angle:
Prevalent in SMEs and fast-growing startups in Pune, Hyderabad, and Delhi NCR, where rapid payroll changes are common. Indian SMEs with a large temporary workforce or remote teams are frequent targets. Official emails often use local language or Hindi for authenticity, but minor spelling errors and formality gaps exist.
Real Examples:
- A Delhi-based retailer’s HR head received an email from '[UPI_REDACTED].com' with a request to redirect salary for two months. ₹1.2 lakh was lost before detection.
- A Pune startup’s payroll officer got an urgent WhatsApp from someone masquerading as the CEO, demanding immediate update of payment details for 'confidential tax reasons.'
Red Flags:
- Sudden requests to change bank information without prior notice.
- Sense of urgency, especially outside normal payroll timelines.
- Spoofed or unofficial email domains.
- Requests for secrecy or to bypass normal HR protocols.
Protective Measures:
- Verify all requests for bank account changes through alternate means (phone or face-to-face).
- Set up approval workflows and multi-person authorisation for payroll updates.
- Train payroll staff to spot suspicious requests and emails.
- Keep an audit trail for all payroll changes.
If Victimised:
- Contact your bank to attempt freezing the fraudulent transfer.
- Report to cybercrime.gov.in and the 1930 helpline.
- Notify your internal compliance or finance team immediately.
Related Scams:
- IT refund diversion scams via forged emails.
- HR portal phishing to harvest employee credentials.
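The protective measures above (verification through an alternate channel, multi-person authorisation, an audit trail) hold up best when the payroll system enforces them rather than leaving them to habit. The sketch below is an added example, not BharatSecure's code; the class names, the two-approver threshold and the hash-chained log format are assumptions made for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, field

REQUIRED_APPROVERS = 2  # assumption: two-person rule for every payee change

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditTrail:
    """Append-only log; each entry commits to the hash of the previous one."""
    def __init__(self):
        self.entries = []

    def record(self, actor, action, detail):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"actor": actor, "action": action, "detail": detail, "prev": prev}
        self.entries.append({**body, "hash": _digest(body)})

    def intact(self):
        prev = "0" * 64
        for e in self.entries:
            body = {k: e[k] for k in ("actor", "action", "detail", "prev")}
            if e["prev"] != prev or e["hash"] != _digest(body):
                return False  # an entry was edited, removed or reordered
            prev = e["hash"]
        return True

@dataclass
class BankChangeRequest:
    employee: str
    new_account: str
    callback_verified: bool = False
    approvers: set = field(default_factory=set)

    def verify_by_callback(self, officer, dialled, number_on_file, log):
        # Only a call to the number already held in HR records counts.
        self.callback_verified = dialled == number_on_file
        log.record(officer, "callback", {"ok": self.callback_verified})
        return self.callback_verified

    def approve(self, approver, log):
        ok = approver != self.employee  # the requester cannot approve
        if ok:
            self.approvers.add(approver)
        log.record(approver, "approve" if ok else "approve_rejected", self.employee)
        return ok

    def can_apply(self):
        return self.callback_verified and len(self.approvers) >= REQUIRED_APPROVERS
```

A request that arrives from a genuinely compromised mailbox passes any sender-domain check, which is why the gate here depends on the callback to the number on file and on two separate approvers rather than on where the message came from.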
Who Does Payroll Diversion via Business Email Compromise Target?
General public across India
Red Flags — How to Identify Payroll Diversion via Business Email Compromise
- Unexpected requests to change salary bank accounts via email/WhatsApp
- Pressure for urgent action or secrecy
- Requests to override normal HR protocols
- Unofficial or misspelt company email addresses
What To Do If You Encounter Payroll Diversion via Business Email Compromise
- Do not click any links or share personal information
- Block and report the sender immediately
- Report at cybercrime.gov.in or call 1930
- Inform your bank if financial details were shared
How to Report Payroll Diversion via Business Email Compromise in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What is Payroll Diversion via Business Email Compromise?
- Payroll diversion is a scam where fraudsters masquerade as employees or HR managers, convincing Indian business owners to divert salary payments to fake accounts. It exploits insecure business processes and often uses hacked or spoofed company emails to send fraudulent instructions. Payroll staff and small business owners are especially at risk due to lack of strong verification protocols. How It Works: 1. Scammers compromise an employee or HR email account, or create a lookalike.
- How does Payroll Diversion via Business Email Compromise work?
- Payroll diversion is a scam where fraudsters masquerade as employees or HR managers, convincing Indian business owners to divert salary payments to fake accounts. It exploits insecure business processes and often uses hacked or spoofed company emails to send fraudulent instructions. Payroll staff and small business owners are especially at risk due to lack of strong verification protocols.
- How to protect yourself from Payroll Diversion via Business Email Compromise?
- Do not click any links or share personal information. Block and report the sender immediately. Report at cybercrime.gov.in or call 1930. Inform your bank if financial details were shared.
- How to report Payroll Diversion via Business Email Compromise in India?
- Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.
Verify Any Suspicious Message
Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.