Phishing Email with Fake SWIFT Payment Notifications
Verdict: Suspicious | Risk Score: 7/10 | Severity: high
Category: Phishing
How Phishing Email with Fake SWIFT Payment Notifications Works
Overview:
This scam involves the use of phishing emails sent to Indian corporates, SMEs, and even individual investors, appearing to be official SWIFT payment notifications. These emails typically claim that a payment is pending or needs urgent approval, luring recipients into clicking links or sharing sensitive banking information. While the initial goal may be to trick users into revealing login credentials, some versions are the first stage of a larger BEC or malware attack.

How It Works:
1. The recipient gets an email that looks like a genuine SWIFT message, referencing familiar trade partners or banks.
2. The email urges the recipient to click a link to “track the payment,” “verify account details,” or “download a remittance certificate.”
3. The link leads to a fake login page or a malware download.
4. Once banking credentials or network access is obtained, the attacker may proceed to carry out additional frauds, access internal accounts, or escalate to unauthorized SWIFT transfers.

India Angle:
With many Indian firms involved in exports and foreign remittances, attackers often localize emails with references to Indian banks, city names, or well-known export partners. These scams are common across Mumbai, Surat, and Hyderabad.

Real Examples:
- “RBI has flagged a SWIFT payment to your account. Click here to review and approve.”
- “Your inward remittance is on hold. Login to resolve with attached certificate.”

Red Flags:
- Email sender address [ADDRESS_REDACTED]
- Unexpected requests to verify or approve payments you weren’t expecting
- Links leading to non-bank websites or forms
- Grammatical errors or awkward language in urgent messages

Protective Measures:
- Never click links in payment notification emails unless 100% certain of their origin
- Always check sender details by hovering over the email address
- [ADDRESS_REDACTED]
- Enable two-factor authentication on all banking and corporate accounts

If Victimised:
- Change all passwords immediately if you clicked a link or shared credentials
- Inform your bank and monitor accounts for unauthorized transactions
- Report the incident on cybercrime.gov.in and by calling 1930

Related Scams:
- BEC Email Invoice Frauds
- DocuSign and e-Sign Link Email Phishing
- Fake RBI Circular SMS Scams
How This Scam Works — Detailed Explanation
Scammers often target Indian corporates, SMEs, and individual investors by crafting phishing emails that appear legitimate. They typically harvest email addresses through data breaches, social media platforms like LinkedIn, and even through compromised email accounts of existing clients. Once they have a list of potential victims, they use spoofed email addresses that closely resemble those of real financial institutions to enhance the credibility of their scam. An example of this could be a fake email from a domain that looks similar to that of an investment bank or a trusted financial entity, thereby increasing the likelihood of the recipient falling for the scam.
To lure victims, these phishing emails often employ psychological tricks such as urgency and fear. The messages usually state there is a 'pending payment' that requires immediate action or approval. This tactic plays into the recipient's anxiety about missing a payment or allowing an important transaction to fall through. Additionally, the emails can include attachments supposedly containing payment slips or invoices that look authentic but lead to harmful links. Scammers know that the urgency they create can cloud judgment, prompting even the most cautious individuals to act hastily without verifying the authenticity of the request.
Once a victim interacts with the email—by clicking a link or supplying personal information—they are redirected to a counterfeit website that mimics legitimate banking portals. Here, they may inadvertently share sensitive login details or financial information. One incident involved a small business owner in Mumbai who succumbed to such a scam, losing ₹15 lakh when they believed they were approving a valid payment via a fake SWIFT email. Victims typically find their accounts drained or unauthorized transactions made using their credentials shortly after interacting with the phishing email.
The real-world impact of these scams has been significant, with reports indicating that Indian businesses lose over ₹85 crore annually to financial fraud, including phishing schemes. The Ministry of Home Affairs (MHA) and the Reserve Bank of India (RBI) emphasize the importance of reporting such incidents promptly. CERT-In (Computer Emergency Response Team) regularly issues advisories on phishing attacks, urging businesses and individuals to be vigilant. The psychological and financial repercussions for victims can be devastating, often leading to loss of savings and credit standing, not to mention the stress caused by trying to resolve these fraudulent activities.
To distinguish between legitimate communications and phishing attempts, recipients should watch for certain red flags. A legitimate email from a financial institution will always include specific details pertinent to the user, will never demand urgent action without prior notice, and will not prompt the user to enter credentials on a third-party website. Additionally, careful scrutiny of email addresses, looking for misspellings or unusual domain names, and cross-referencing any suspicious emails with official contact points can help prevent falling victim to this sophisticated scam.
Who Does Phishing Email with Fake SWIFT Payment Notifications Target?
General public across India
Red Flags — How to Identify Phishing Email with Fake SWIFT Payment Notifications
- Emails with unfamiliar sender domains about SWIFT payments
- Requests to urgently verify or approve payments online
- Links redirecting to non-official pages
- Language errors or awkward phrasing
- Attachments named as payment advice or remittance slips
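
Three of the red flags above (sender domain, urgent payment language, links to non-official pages) can be checked mechanically before a message reaches a user. The following Python is an added example, not code from this page or from BharatSecure; the trusted domain `bank.example`, the sample message and all function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains your organisation really banks with (placeholder value).
TRUSTED = {"bank.example"}
URGENT = re.compile(r"\b(urgent|immediately|on hold|pending|approve|verify)\b", re.I)

# Constructed sample message, not a real phishing email.
SAMPLE = """From: "Payments Desk" <swift-alerts@bamk.example>
Subject: SWIFT inward remittance on hold

Your inward remittance is on hold. Verify account details here:
http://track.pay-portal.example.net/login
"""

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of trusted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_status(domain):
    """Classify a host as trusted, a lookalike of a trusted domain, or unfamiliar."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Threshold of 2 edits is an assumption; very short domains may need 1.
    if any(edit_distance(domain, t) <= 2 for t in TRUSTED):
        return "lookalike"
    return "unfamiliar"

def red_flags(raw):
    """Return the red flags found in one raw RFC 5322 message."""
    msg, flags = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if domain_status(sender) != "trusted":
        flags.append(f"sender domain {domain_status(sender)}: {sender}")
    bodies = [p.get_payload() for p in msg.walk() if p.get_content_maintype() == "text"]
    text = msg.get("Subject", "") + "\n" + "\n".join(bodies)
    if URGENT.search(text):
        flags.append("urgent payment language")
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = urlparse(url).hostname or ""
        if domain_status(host) != "trusted":
            flags.append(f"link to non-official host: {host}")
    return flags
```

The check reads only the visible `From` header and undecoded text parts, so it complements rather than replaces SPF, DKIM and DMARC verification at the mail gateway.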
What To Do If You Encounter Phishing Email with Fake SWIFT Payment Notifications
- Report the phishing attempt to the cybercrime helpline at 1930 or visit cybercrime.gov.in.
- Do not click on links or open attachments in suspicious emails.
- Change your online banking passwords immediately if you suspect a phishing attempt.
- Contact your bank's helpline (SBI 1800-11-1109 or HDFC 1800-202-6161) to alert them about the phishing email.
- Educate your employees or family members about phishing threats and how to spot them.
- Monitor your bank and credit card statements regularly for unauthorized transactions.
How to Report Phishing Email with Fake SWIFT Payment Notifications in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What to do if I shared my Aadhaar or bank details in a phishing scam?
  Immediately contact your bank's helpline to secure your accounts and report the incident. Also, file a complaint on cybercrime.gov.in.
- How can I identify a phishing email masquerading as a SWIFT payment notification?
  Look for unfamiliar sender domains, poor grammar, urgent payment requests, and unexpected attachments.
- How do I report phishing scams in India?
  Report at the cybercrime helpline 1930 or visit cybercrime.gov.in, and inform your bank of any fraudulent activities.
- Can I recover money lost due to a phishing scam?
  Recovery options are limited; however, promptly reporting the incident to your bank and following their guidelines can increase your chances.