How to protect yourself from Salary Diversion BEC Attack?

Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared

Salary Diversion BEC Attack

Verdict: Suspicious | Risk Score: 8/10 | Severity: high

Category: UPI, WhatsApp, Phishing

How Salary Diversion BEC Attack Works

Overview: The Salary Diversion BEC scam centers around tricking HR teams or payroll processors in Indian organisations into changing an employee’s bank account details. The attacker poses as the employee through a spoofed email, requesting their salary be credited to a new account. Once payroll is processed, the salary goes to the fraudster’s account, leaving the real employee uncompensated and the company exposed to internal trust issues. How It Works: The scammer identifies a likely employee (sometimes the CEO or a manager) and crafts a convincing email from an address [ADDRESS_REDACTED]. The message asks HR or payroll to update the salary bank account, often citing lost access to the previous account or urgent family/medical needs. In some cases, urgent WhatsApp messages support the email claim. Scammers may request UPI or IMPS transfers for partial payments or "advances" as well. Fraudsters usually withdraw the salary immediately from the fake account, complicating recovery. India Angle: This scam flourishes in Indian companies using email for communication and basic HR software without multi-step approvals. It’s especially prevalent in startups, mid-sized businesses, and BPOs across urban India, where remote onboarding and frequent staff changes are common post-pandemic. Festive seasons, when payroll changes are more frequent, see higher risk. Real Examples: - HR at a Gurugram IT company receives an email, "This is Rajesh, I have switched my account to ICICI, please redirect my salary this month." - The HR team gets a WhatsApp ping at 9 pm, "Please process my new salary account urgently, I have a family emergency." Red Flags: - Emails requesting bank changes sent outside office hours - Employee email address[ADDRESS_REDACTED] - No in-person or video confirmation for critical payroll changes - Use of urgent personal stories (medical emergency, travel, etc.) - New salary account located out-of-state Protective Measures: - Always confirm salary account updates through in-person or verified video call - Empower HR to refuse such changes without manager approval - Use HR/payroll software with dual authentication for bank changes - Inform all staff about potential impersonation risks If Victimised: - Stop any further payroll runs immediately if fraud is suspected - Notify finance, bank, and security teams - Report the case at cybercrime.gov.in and helpline 1930 - Check for other attempted changes in recent HR emails Related Scams: - HR Impersonation Email Frauds - UPI Phishing via Fake HR Profiles - Employee Advance Payment Scams

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Salary Diversion BEC Attack Target?

General public across India

Red Flags — How to Identify Salary Diversion BEC Attack

Salary update requests sent late at night or via WhatsApp
Employee email IDs that are not exactly correct
Unverified or rushed approval for payroll changes
Sob-story explanations for urgency
Bank account updates to unfamiliar or distant places

What To Do If You Encounter Salary Diversion BEC Attack

Do not click any links or share personal information
Block and report the sender immediately
Report at cybercrime.gov.in or call 1930
Inform your bank if financial details were shared

How to Report Salary Diversion BEC Attack in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What is Salary Diversion BEC Attack?: Overview: The Salary Diversion BEC scam centers around tricking HR teams or payroll processors in Indian organisations into changing an employee’s bank account details. The attacker poses as the employee through a spoofed email, requesting their salary be credited to a new account. Once payroll is processed, the salary goes to the fraudster’s account, leaving the real employee uncompensated and the company exposed to internal trust issues. How It Works: The scammer identifies a likely employee
How does Salary Diversion BEC Attack work?: Overview: The Salary Diversion BEC scam centers around tricking HR teams or payroll processors in Indian organisations into changing an employee’s bank account details. The attacker poses as the employee through a spoofed email, requesting their salary be credited to a new account. Once payroll is processed, the salary goes to the fraudster’s account, leaving the real employee uncompensated and th
How to protect yourself from Salary Diversion BEC Attack?: Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared
How to report Salary Diversion BEC Attack in India?: Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.