How to protect yourself from Payroll Diversion via SWIFT and BEC Tactics?

Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared

Payroll Diversion via SWIFT and BEC Tactics

Verdict: Suspicious | Risk Score: 8/10 | Severity: high

Category: Fraud

How Payroll Diversion via SWIFT and BEC Tactics Works

Overview: Indian companies with large workforces are being hit by a sophisticated payroll scam. Using a combination of hacked executive emails and SWIFT payment manipulation, scammers reroute payroll funds to their own accounts or to cash-out points like crypto wallets. Employees, HR, and payroll teams may remain unaware until salaries are delayed or missing, causing disruption and distress. How It Works: Attackers hack the HR or CFO’s email account or spoof it using lookalike domains. They send urgent emails instructing payroll teams to process the month’s salaries using new payment accounts—sometimes for reasons like 'system upgrades' or 'new banking policies'. These accounts are often international or linked to prepaid cards/crypto. Payments are executed through the firm’s SWIFT-enabled bank, disappearing into scammer-controlled accounts. Sometimes, a BEC attack follows the hack, with double pressure from both compromised and fake email channels. India Angle: IT, BPO, and manufacturing sectors in metro cities (Bengaluru, Pune, Noida) are regularly targeted, often during peak salary processing windows. Firms with large expat or remote staff bases are particularly vulnerable. Real Examples: A Pune BPO receives an urgent directive—'Please use attached new payroll accounts for May salary disbursement due to compliance with parent company.' Bank details point to a European fintech account. Only after multiple employees report non-receipt is the fraud uncovered. Red Flags: - Sudden changes to payroll beneficiary lists - Instructions sent close to payroll deadlines, often via email only - Payment accounts in unfamiliar or overseas banks - Dual communication—official and personal emails urging same Protective Measures: - Validate all account change requests via direct call or face-to-face with decision makers - Insist on written HR/Board approval for payroll changes - Maintain a protected and updated list of employee bank accounts - Schedule mandatory cooldown before processing any large payroll update If Victimised: Attempt fund recall through your bank. Report to cybercrime.gov.in, RBI fraud portal, and your company’s board. Alert all affected employees urgently. Related Scams: - Salary Advance Fraud - Fake HR Email BEC Attacks

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Payroll Diversion via SWIFT and BEC Tactics Target?

General public across India

Red Flags — How to Identify Payroll Diversion via SWIFT and BEC Tactics

Unplanned changes to salary payout instructions
Pressure to process payroll urgently
Overseas or fintech bank accounts for salaries
Correspondence mixing official and free email services

What To Do If You Encounter Payroll Diversion via SWIFT and BEC Tactics

Do not click any links or share personal information
Block and report the sender immediately
Report at cybercrime.gov.in or call 1930
Inform your bank if financial details were shared

How to Report Payroll Diversion via SWIFT and BEC Tactics in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What is Payroll Diversion via SWIFT and BEC Tactics?: Overview: Indian companies with large workforces are being hit by a sophisticated payroll scam. Using a combination of hacked executive emails and SWIFT payment manipulation, scammers reroute payroll funds to their own accounts or to cash-out points like crypto wallets. Employees, HR, and payroll teams may remain unaware until salaries are delayed or missing, causing disruption and distress. How It Works: Attackers hack the HR or CFO’s email account or spoof it using lookalike domains. They sen
How does Payroll Diversion via SWIFT and BEC Tactics work?: Overview: Indian companies with large workforces are being hit by a sophisticated payroll scam. Using a combination of hacked executive emails and SWIFT payment manipulation, scammers reroute payroll funds to their own accounts or to cash-out points like crypto wallets. Employees, HR, and payroll teams may remain unaware until salaries are delayed or missing, causing disruption and distress. How
How to protect yourself from Payroll Diversion via SWIFT and BEC Tactics?: Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared
How to report Payroll Diversion via SWIFT and BEC Tactics in India?: Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.