Vendor Email Compromise Targeting Indian SMEs
Verdict: Suspicious | Risk Score: 9/10 | Severity: critical
Category: WhatsApp, Job, Phishing
How Vendor Email Compromise Targeting Indian SMEs Works
Overview: Vendor Email Compromise is a rising threat in India’s rapidly digitalising business landscape. Scammers access or spoof legitimate vendor or supplier email accounts to send fake payment instructions. Indian SMEs and larger supply chain-heavy companies are often targeted, especially in IT, manufacturing, or export sectors. The financial damage can run into tens of lakhs per incident—making this a dangerous scam for any business relying on frequent vendor payments via bank transfers.
How It Works:
1. Scammers gather information about business relationships, often using LinkedIn, job portals, or leaked data.
2. They compromise a real vendor's email account through phishing—typically using AI-crafted messages that look genuine.
3. Near invoice deadlines or month-end closures, they send urgent emails from the vendor’s address[ADDRESS_REDACTED].
4. The message may use subtle fake domains like “vendorindia.co” instead of “vendorindia.com”.
5. Funds are swiftly moved from the receiving account into mule or offshore accounts, making recovery almost impossible.
India Angle: India’s vendor-rich and outsourcing-driven sectors (Mumbai, Delhi, Pune hubs) are principal targets. Attackers exploit the Indian habit of trusting email for B2B payments, and weak fraud alerting in some banks. SMEs, exporters, and companies working with overseas partners are at particular risk. Scam emails are typically in English, sometimes transliterated Hindi.
Real Examples: A Mumbai textile company received an email from their regular vendor’s address [ADDRESS_REDACTED] has changed: please update payments to Account No. XXXXX, ICICI Bank. Kindly treat as urgent or contract will lapse.”
Red Flags:
- Minor changes in vendor email addresses
- Requests for urgent payment with new banking details
- Threats of business loss if payment isn’t made by today
- Removal of regular invoice PDFs or use of unfamiliar document templates
- Sender resists phone confirmation
Protective Measures:
- Always confirm payment changes via a known phone number, not by replying to the email
- Review sender email address[ADDRESS_REDACTED]
- Implement dual-authorization for any payment over ₹1 lakh
- Register vendor accounts in your ERP system—verify changes using official contacts, not email
- Train staff to recognize invoice fraud tactics
If Victimised:
- Immediately contact your bank to freeze the transfer
- Report the case to the National Cyber Crime portal (cybercrime.gov.in) and helpline 1930
- Notify the RBI and local police if the amount is above ₹1 lakh
- Inform all internal stakeholders and freeze any other pending payments to the vendor
Related Scams:
- Invoice Redirection Fraud: Attackers change invoice PDFs to direct funds.
- Compromised Accounting Emails: Internal accountant account is hacked to reroute funds.
- Supplier Impersonation Using WhatsApp or SMS.
How This Scam Works — Detailed Explanation
Vendor Email Compromise targeting Indian SMEs is a calculated form of cyber fraud that relies heavily on exploiting digital communication channels. Scammers typically start by either hacking into or spoofing the email accounts of legitimate vendors or suppliers within industries such as IT, manufacturing, and export. They utilize common platforms, like WhatsApp and traditional email services, to impersonate known contacts. By gathering information from social media or business activities, these fraudsters create a façade of trust. This access allows them to monitor communications, gleaning critical information about payment workflows, vendor details, and even the relationships between businesses, making their eventual deception more convincing.
The tactics employed by these scammers are often psychological, intended to leverage urgency and authority. A common scenario involves scammers sending an email that appears to be from a regular vendor, urgently requesting a change in their bank account details. This email usually includes a subtle sense of danger, indicating that failure to act quickly could jeopardize a contract or delay shipment. For instance, they often time their requests to align with month-end financial closings when businesses are busy processing payments. They might also disguise their email addresses or introduce slight typos that are easy to overlook in the heat of the moment, making it difficult for recipients to identify red flags immediately.
Once victims receive the fraudulent email, they are drawn into a multi-step process that ends in financial loss. Take an example: a manufacturing SME receives an email purporting to be from a trusted supplier, requesting an immediate payment to a new bank account. Trusting the source, the finance team processes this payment through UPI or a direct bank transfer, believing they have followed standard procedure. However, once the funds are dispatched, often amounting to lakhs, the scammer cuts off contact and disappears. Victims then face a harrowing experience trying to reclaim the lost funds, which can seem almost impossible when dealing with electronic transfers and untraceable accounts.
The real-world impact of Vendor Email Compromise in India is staggering. The Ministry of Home Affairs (MHA) has reported that last fiscal year alone, over ₹1,500 crore was estimated to have been lost to various email scams, with Vendor Email Compromise accounting for a significant portion of this figure. The Reserve Bank of India (RBI) and CERT-In have issued multiple advisories highlighting this cyber threat, especially for SMEs that lack robust cybersecurity frameworks. As digital payments grow, so does the susceptibility of businesses to these scams, often leaving them devastated and financially compromised.
To differentiate between a legitimate communication and a scam, SMEs need to adopt a skeptical approach. Key indicators include email requests to change bank details that arrive unexpectedly or are linked to urgent deadlines. Legitimate vendors are often more than willing to confirm such changes through a phone call or video meeting. Therefore, a request for immediate action, especially one that appears to come from an established relationship, should always be met with a degree of caution. Small typographical errors in email addresses and requests timed to year-end or month-end are other indicators to watch out for. Having proper verification processes in place can help mitigate the risks of falling victim to such scams.
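The sender-address and bank-detail checks described above can be run as a first-pass screen on incoming payment requests before the phone call-back. The following Python is an added example, not BharatSecure's code; the vendor domain list, keyword patterns, flag names and sample message are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

KNOWN_VENDOR_DOMAINS = {"vendorindia.com"}  # assumption: domains on file in the vendor master
DUAL_AUTH_LIMIT_INR = 100_000               # the page's "over ₹1 lakh" threshold
URGENCY = re.compile(r"\b(urgent|immediately|today|lapse)\b", re.I)
BANK_CHANGE = re.compile(r"\b(account no|bank details|update payments?)\b", re.I)

def edit_distance(a, b):  # Levenshtein distance, row-by-row dynamic programming
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):  # domain part of the From address, lower-cased
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def lookalike_of(domain, max_dist=2):
    """Known vendor domain that `domain` closely imitates, else None."""
    if domain in KNOWN_VENDOR_DOMAINS:
        return None
    for known in sorted(KNOWN_VENDOR_DOMAINS):
        if edit_distance(domain, known) <= max_dist:
            return known
    return None

def review_flags(from_header, body, amount_inr):
    """Reasons to hold a payment request for call-back verification.
    A compromised genuine mailbox passes the domain check, so content is checked too."""
    flags = []
    domain = sender_domain(from_header)
    imitated = lookalike_of(domain)
    if imitated:
        flags.append(f"lookalike-domain:{domain}~{imitated}")
    elif domain not in KNOWN_VENDOR_DOMAINS:
        flags.append("unknown-sender-domain")
    if BANK_CHANGE.search(body):
        flags.append("bank-detail-change")
    if URGENCY.search(body):
        flags.append("urgency")
    if amount_inr > DUAL_AUTH_LIMIT_INR:
        flags.append("dual-authorization-required")
    return flags

# Constructed sample message modelled on the page's example wording.
SAMPLE_BODY = ("Our bank has changed: please update payments to Account No. XXXXX. "
               "Kindly treat as urgent or contract will lapse.")
```

A request from the genuine vendorindia.com domain with the same body still returns the bank-detail-change flag, which is why confirmation on a known phone number remains the deciding control.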
Visual Intelligence:
BharatSecure's AI has identified this as a used in scams targeting Indian users.
Who Does Vendor Email Compromise Targeting Indian SMEs Target?
General public across India
Red Flags — How to Identify Vendor Email Compromise Targeting Indian SMEs
- Email requests changing bank details for a regular vendor
- Payment urgency tied to business contract loss
- Slight typos in email address[ADDRESS_REDACTED]
- Resistance to confirming by phone or video call
- Requests come at month-end or during financial closings
What To Do If You Encounter Vendor Email Compromise Targeting Indian SMEs
- Report the incident immediately by calling the cybercrime helpline at 1930 or visiting cybercrime.gov.in.
- Contact your bank's helpline (SBI: 1800-11-1109, HDFC: 1800-202-6161) to flag the transaction as suspicious.
- Isolate any affected company systems to prevent further unauthorized access.
- Coordinate with the vendor to verify any suspicious payment requests made previously.
- Document all communications related to the scam for future reference and legal purposes.
- Consider involving law enforcement if significant financial losses were incurred.
How to Report Vendor Email Compromise Targeting Indian SMEs in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What to do if I shared my bank details in a Vendor Email Compromise scam?
  Immediately inform your bank using their helpline (SBI: 1800-11-1109, HDFC: 1800-202-6161) and report the incident to cybercrime.gov.in.
- How can I identify a legitimate vendor email request?
  Look for indications of urgency, check for typos in the email address, and confirm any requests directly via phone or video with the vendor.
- How to report a Vendor Email Compromise scam in India?
  Report to the cybercrime helpline at 1930 or register a complaint at cybercrime.gov.in while contacting your bank immediately.
- What are the recovery steps after falling victim to this scam?
  Contact your bank to report the fraudulent transaction, preserve all evidence, and file a complaint with local authorities and cybercrime units.