Supplier Impersonation Bank Account Switch Scam

How Supplier Impersonation Bank Account Switch Scam Works

Overview: This scam targets Indian businesses of all sizes, especially those regularly making supplier payments. Criminals pose as trusted vendors or suppliers to trick companies into changing bank details for upcoming payments. These frauds are highly dangerous because the diverted funds are often routed overseas quickly, making recovery nearly impossible. Hundreds of companies, from small traders to multinationals, have lost crores to these cunning digital criminals. How It Works: Scammers often start by gathering email address[ADDRESS_REDACTED]nuine suppliers. These emails alert recipients about 'updated bank account details' for payments, or sometimes claim the vendor has switched banks. They often replicate the tone, branding, and even email signatures of real contacts, using lookalike email address[ADDRESS_REDACTED].in vs [UPI_REDACTED].in). Rushing the process, scammers may cite urgency: 'Pay by today to avoid late fees' or 'We must close this bill before GST filing.' Once the victim updates the bank account and sends payment, the money moves instantly to the fraudster’s mule account and is quickly routed out, often internationally. India Angle: In India, these scams hit both big metros like Mumbai, Delhi, and Bengaluru as well as smaller cities with manufacturing hubs. Common platforms targeted include business email (Gmail, Outlook), WhatsApp for urgent 'reminders', and even phone calls. UPI and NEFT are sometimes used for domestic mules, but most losses happen via wire or SWIFT transfers, especially in cross-border trade. Real Examples: A textile merchant in Surat received an email from a 'regular supplier' informing him about new bank details, matching the supplier’s brand logo. He transferred ₹34 lakh as per instruction—only to find, after a follow-up call to the real supplier, that no such request was sent and the money was gone. In Hyderabad, a procurement officer got a WhatsApp message from a spoofed number, urgently requesting payment to a new 'corporate account.' Red Flags: - Unsolicited requests to change payment account details - Minor spelling differences in sender’s email address - [ADDRESS_REDACTED] - Discrepancies in vendor bank details supplied versus past records - Replies discouraging phone confirmation, e.g., 'I’m traveling, email only please.' Protective Measures: Always verify changes in supplier payment details directly with your known contact via a video call or recorded phone call, not just by replying to the suspicious email. Maintain a secure vendor register showing all confirmed account details. Set up a dual-approval process for major transactions. Use email filtering and BEC (Business Email Compromise) detection tools to catch spoofed senders and flag suspicious language. If Victimised: Act immediately—inform your bank to attempt freezing the payment, then file a report at 1930 and on cybercrime.gov.in. Alert RBI for SWIFT or international transfers. Share evidence like emails and WhatsApp screenshots to aid investigation. Related Scams: Variants include internal employee fraud using BEC tactics, fake invoice scams, and export-import transaction fraud involving dummy shell companies.

How This Scam Works — Detailed Explanation

The Supplier Impersonation Bank Account Switch Scam primarily targets businesses by exploiting email and communication platforms to approach unsuspecting victims. Scammers often research a company's regular suppliers through public sources, such as corporate websites, social media profiles, and trade directories. By identifying existing relationships and key payment cycles, fraudsters then initiate contact, either through forged emails or by hijacking genuine accounts. Many opts to use WhatsApp for its immediacy and familiarity, further blurring the lines of authenticity. This initial contact usually occurs under the pretext of a harmless update about bank account changes or urgent payment requests, which can easily mislead busy business personnel.

The tactics used by these criminals are calculated and manipulative. They often create a sense of urgency, pressuring the target company to act fast without verifying the details. For instance, a scammer may claim an imminent deadline for a transaction, convincing the victim that immediate action is necessary. Additionally, the misuse of known email addresses, which might be slightly altered (e.g., using a different domain), decreases the chances of detection. Spoofed emails may appear professional, containing the same logo, signatures, and formats as those from legitimate suppliers. The manipulation of emotions—like fear of losing a key supplier or missing a critical payment deadline—creates an atmosphere where verification steps are often overlooked.

Once a company is hooked, the process usually continues smoothly. The scammer sends over new payment instructions, often claiming that their account details have changed due to security issues or other superficial reasons. In this intricate web, the actual funds are then redirected to foreign accounts, making recovery incredibly difficult. Many businesses have found themselves in compromising positions, where they credibly confirm the changes believing they are adhering to protocols. Once the payment is executed, which can easily be done through UPI given its swift processing, the funds vanish almost immediately before the victim realizes they've been duped. One notable case involved a mid-sized Indian company that lost ₹5 crore to a scammer posing as a well-known supplier, highlighting the real risk faced by organizations of all sizes.

The impact of such scams has been staggering. The Ministry of Home Affairs (MHA) and the Reserve Bank of India (RBI) have reported that companies across India lost hundreds of crores to cybersecurity fraud, particularly through cases similar to the Supplier Impersonation Bank Account Switch Scam. According to CERT-In advisories, businesses need to stay aware and remain vigilant, as incidents are on the rise. As per recent statistics, the number of reported scams linked to supplier impersonation has increased by nearly 30% over the last year, with firms reporting losses in excess of ₹200 crores collectively. Given the sheer scale of operations and the international network of scammers, local law enforcement struggles to keep up, often leaving victims feeling helpless and vulnerable.

To protect oneself from falling victim to these scams, it is essential to recognize the differences between legitimate and fraudulent communications. Always verify any requests for bank detail changes directly with your supplier via a known contact method; do not use new contact information provided in the email or message. Look for discrepancies in the way invoices are formatted, such as changes in payment instructions or communication channel suddenly shifting from email to messaging apps like WhatsApp without prior notification. Pay close attention to any email addresses that seem slightly different from the original or if the email is demanding urgent action without the ability to verify over the phone. Remaining aware of these potential red flags is crucial for early detection and, ultimately, prevention of scams that could cost businesses dearly.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Supplier Impersonation Bank Account Switch Scam Target?

General public across India

Red Flags — How to Identify Supplier Impersonation Bank Account Switch Scam

• Requests for urgent supplier bank detail updates via email
• Sender email address[ADDRESS_REDACTED]
• Payment instructions discouraging phone verification
• Supplier communication changes channels (e.g., suddenly on WhatsApp)
• Invoice details differ from past records

What To Do If You Encounter Supplier Impersonation Bank Account Switch Scam

1. Report the incident to the cybercrime helpline at 1930 immediately.
2. Contact your bank's helpline (SBI 1800-11-1109, HDFC 1800-202-6161) to freeze accounts or transactions if you suspect fraud.
3. Safeguard your email accounts by changing passwords and enabling two-factor authentication to prevent further hacks.
4. Validate any communications about bank details directly with your known suppliers via a pre-existing contact method.
5. Educate your team members about recognizing phishing attempts and common red flags in emails and messages.
6. File a complaint on cybercrime.gov.in for further investigation and assistance.

How to Report Supplier Impersonation Bank Account Switch Scam in India

• Call 1930 — National Cyber Crime Helpline (24x7)
• File a complaint at cybercrime.gov.in
• Contact your bank immediately if money was lost
• Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared bank details in a Supplier Impersonation Bank Account Switch Scam?

Immediately contact your bank's helpline (SBI 1800-11-1109 or HDFC 1800-202-6161) to report the incident and take necessary precautions, including freezing your accounts. You should also report the matter to cybercrime helpline at 1930.

How can I identify a Supplier Impersonation Bank Account Switch Scam?

Look for urgent requests for bank detail updates via email, senders’ email addresses that are slightly altered, and abrupt changes in communication mediums, like moving from email to WhatsApp without prior notice.

What should I do to report this type of scam in India?

You can report this type of scam by calling the cybercrime helpline at 1930 or by filing a complaint at cybercrime.gov.in. Also, inform your bank about the fraudulent activity.

How can I recover money or protect my accounts after this scam?

Contact your bank immediately to report the fraudulent transaction and follow their guidance for recovery. It’s often very difficult to recover funds, especially if they’ve been transferred overseas, but filing a report with authorities can help trigger investigations.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.