Vendor Account Swapping through Fake CFO Emails

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: UPI

How Vendor Account Swapping through Fake CFO Emails Works

Overview: In this scam, fraudsters hijack conversations between Indian companies and their regular suppliers. By tricking finance teams through lookalike emails, scammers send convincing messages—appearing as company CFOs or trusted vendors—informing staff that bank details have changed. If a payment is made to the "new account," money is stolen and almost impossible to recover, putting both the company and vendor at risk of financial loss and damaged business relationships.

How It Works: Attackers monitor or intercept existing email conversations between Indian firms and their vendors, often after compromising a vendor’s email account. They send an email from a domain with a small alteration (example: [UPI_REDACTED]-corp.co versus [UPI_REDACTED].co) claiming the vendor has changed their bank account on the CFO’s instructions. The finance team, trusting the familiar exchange, updates the account details and reroutes payments to the fraudster’s bank, often overseas.

India Angle: This scam is common across Indian manufacturing, IT, and export sectors, frequently targeting businesses in the Delhi-NCR and Mumbai regions. Scammers exploit the typical Indian business reliance on large vendor payments and often use platforms like Gmail, Yahoo Mail, and Outlook—widely popular in Indian corporates.

Real Examples:
- "Dear Suresh, as per CFO's directive, please update your records and send this month’s payment to our new account at HSBC Hong Kong."
- Follow-up call: "Our old account is under audit. New account is safer for this payment cycle."

Red Flags:
- Slight variations in familiar email addresses
- Sudden requests to change vendor payment details without prior notice
- Explanations about "audits" or "emergencies" requiring change
- Push to act before end of business day

Protective Measures:
- Always confirm any vendor or payment detail change via a phone call to a known and trusted contact number
- Verify email domains and sender address[ADDRESS_REDACTED]
- Insist on written confirmation from official emails before making changes
- Train staff to report any unusual requests or emails

If Victimised:
- Immediately halt payments, contact your bank to attempt a reversal
- Report the incident to authorities via 1930 and cybercrime.gov.in
- Inform all vendors and relevant internal teams to prevent further fraud

Related Scams:
- Internal invoicing scams
- Fake company registration payment demands
- Payment diversion using hacked email threads

How This Scam Works — Detailed Explanation

In the world of business, communication is vital for transactions, especially in India where Unified Payments Interface (UPI) has revolutionized the way companies conduct their financial dealings. Scammers exploit this dependency on digital communication by finding potential victims through LinkedIn or business directories. They identify companies that frequently engage with specific vendors, allowing them to create. This targeted approach increases their chances of success. Once they have identified a company and its regular vendors, they can hijack email threads by sending fake emails that look convincingly real. These can be crafted to look like messages from the Chief Financial Officer (CFO) or other high-ranking officials of the victim's organization, tricking employees into thinking that the message is legitimate and urgent.

The tactics employed in this scam rely heavily on psychological manipulation. Scammers often rush their targets by using words like 'urgent' or 'immediate action required' in their emails, which spurs the finance teams into action without thoroughly verifying the authenticity of the request. Moreover, fraudsters carefully mimic email addresses—often creating slight variations using alternative domains that resemble the company's actual domain—making it nearly impossible to identify the fraud at first glance. This creates a sense of trust and urgency, leading employees to comply quickly. The communication might inform teams that the vendor's bank details have changed due to operations issues, making it easier for the scammer to offer fresh, convincing information.

Once a victim engages with the scammer, the process accelerates rapidly. A company might receive an email with bank details provided under the guise of their trusted vendor's name. For instance, let's say a company based in Mumbai conducts regular transactions with a supplier in Delhi. If that supplier's account details have been compromised, the fraudster can simply send an email indicating that funds should be transferred to the 'new account.' If the company makes a payment to this new account—believing it to be legitimate—the money is quickly siphoned off. With popular UPI transactions, such transfers happen in real-time, making recovery nearly impossible. In a recent case, a company lost ₹2 crore to such a scam, and upon realizing the fraud, they struggled to reverse the transaction, as UPI transfers are typically instantaneous and irreversible.

The impact of these scams on businesses in India can be staggering. It’s estimated that in the last fiscal year alone, approximately ₹4,000 crore was lost due to various forms of corporate frauds, including vendor account swapping. Authorities like the Ministry of Home Affairs (MHA) and the Reserve Bank of India (RBI) have issued guidelines highlighting the increasing trends of such scams. CERT-In has also published advisories urging businesses to remain vigilant and conduct thorough checks on any changes in vendor payment details. The repercussions go beyond financial loss; they include damage to trust between vendors and clients, legal issues, and sometimes, a complete halt to business operations while fraud investigations ensue.

To differentiate between a scam and a legitimate communication, it’s crucial to focus on specific signs. Genuine communications from CFOs or trusted vendors usually have a consistent format, including company logos, detailed contact information, and signatures. If communication appears sudden or deviates from regular patterns—like sudden changes in payment methods or bank details—it’s essential to verify through a different communication channel (like a phone call or a separate email) directly with the vendor or the source of the communication. Additionally, check for spelling errors or suspicious domain names in email addresses, which are often clues that you're dealing with a scam. Taking these small steps can save your organization from significant financial and reputational damage.
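The lookalike-domain and payment-change signals described above can be screened automatically before a message reaches the finance team. The Python below is an added example, not BharatSecure's code; the vendor domains, phrase list, distance threshold and verdict names are constructed for illustration.

```python
import re

# Constructed allow-list: domains the finance team already trades with.
KNOWN_VENDOR_DOMAINS = {"acme-supplies.example", "northwind.example"}

# Phrases signalling a payment-detail change, drawn from the examples above.
CHANGE_TERMS = re.compile(r"new account|bank details|update your records", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str, known=KNOWN_VENDOR_DOMAINS) -> str:
    """Return 'known', 'lookalike' or 'unknown' for the sender's domain."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in known:
        return "known"
    for good in known:
        good_name = good.split(".", 1)[0]
        # The vendor name reused under another TLD or with text attached
        # (such as a "-corp" suffix), or a one/two character alteration.
        if good_name in domain or edit_distance(domain, good) <= 2:
            return "lookalike"
    return "unknown"


def review_email(sender: str, body: str) -> str:
    """Decide how a finance mailbox should treat a message."""
    if classify_sender(sender) == "lookalike":
        return "block-and-report"
    if CHANGE_TERMS.search(body):
        # A genuine domain may still be a compromised mailbox, so the
        # change is held until confirmed on a known phone number.
        return "hold-for-callback"
    return "deliver"
```

A request to change bank details is held for a phone callback even when the sender's domain is on the allow-list, because the page notes that attackers often operate from a vendor's compromised mailbox.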

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Vendor Account Swapping through Fake CFO Emails Target?

General public across India

What To Do If You Encounter Vendor Account Swapping through Fake CFO Emails

  1. Report the incident immediately by calling the cybercrime helpline 1930 or visiting cybercrime.gov.in.
  2. Verify any sudden requests for account changes by directly contacting the vendor through official communication channels.
  3. Cross-check emails and messages, especially those pertaining to payment changes, by calling known numbers of specific company representatives.
  4. Set up multi-factor authentication for company email accounts to prevent unauthorized access.
  5. Educate your finance team about the signs of email spoofing and scams, ensuring they are equipped to identify suspicious communications.
  6. Never click on links provided in unsolicited emails or communications for changing payment information.

How to Report Vendor Account Swapping through Fake CFO Emails in India

  • Call 1930 — National Cyber Crime Helpline (24x7)
  • File a complaint at cybercrime.gov.in
  • Contact your bank immediately if money was lost
  • Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my payment details through a fake CFO email?
Immediately report the incident to your bank’s helpline and file a complaint at cybercrime.gov.in. Change your bank passwords as a precaution.
How can I identify a fake CFO email for vendor payment?
Look for inconsistencies in the email address, such as slight misspellings or different domains. Genuine emails will typically be consistent in formatting.
How do I report vendor account swapping scams in India?
You can report such scams by calling the cybercrime helpline 1930 or visiting cybercrime.gov.in. Additionally, inform your bank about the fraudulent activity.
What are the chances of recovering money lost due to this scam?
Recovery chances are low as most transactions are irreversible, especially with UPI. However, notifying your bank and filing a police report may help in tracing the funds.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.