Vendor Bank Account Update SWIFT LoU Manipulation Scam

How Vendor Bank Account Update SWIFT LoU Manipulation Scam Works

Overview: A dangerous scam increasingly impacting Indian exporters and trading companies is the fraudulent vendor update combined with manipulation of SWIFT Letters of Undertaking (LoUs). Attackers impersonate genuine business partners, instructing companies to send payments to “updated” bank accounts abroad. Using compromised or lookalike domains, they urge finance teams to process LoU-backed SWIFT messages to accounts controlled by fraudsters. The risk is severe: such funds are hard to recover, and attacks often bypass normal compliance checks, exposing corporate India to multimillion-rupee losses. How It Works: 1. The scam begins with a phishing email, supposedly from a trusted supplier or vendor, announcing a change in their bank account details. 2. Attackers may register domains deceptively similar to official vendor email address[ADDRESS_REDACTED]. 3. The email uses urgency—such as approaching contract deadlines or supposed compliance issues—to press for fast action. 4. Finance or trade teams are directed to process an LoU via SWIFT to the new banking details, with no independent confirmation from known contacts. 5. Insiders or malware can help push the fraudulent payment through existing approval channels. 6. Once the payment is sent, the international account is quickly emptied and the funds are laundered and dispersed. India Angle: Indian corporates, especially in regions like Gujarat, Maharashtra, and Tamil Nadu with strong export businesses, are common targets. Communication typically occurs over email and WhatsApp, often mimicking standard vendor correspondence. Many such scams involve payments routed through Hong Kong or UK banks, exploiting regulatory gaps in foreign remittance oversight. Real Examples: - "Dear Sir, due to urgent regulatory changes, kindly update our payment details for invoice settlement. New details attached." - "Please process LoU via SWIFT for the attached contract; our old account is now inactive. Timeline is crucial." Red Flags: - Emails requesting payment update to unfamiliar overseas bank accounts - Messages with urgent deadlines linked to contract performance - Vendor emails from slightly altered domains (e.g., s00ply.com instead of supply.com) - Bypassing regular compliance or dual-approval processes Protective Measures: - Always verify vendor bank account changes by calling official numbers previously registered - Initiate a secondary approval process for all LoU and SWIFT transactions relating to vendor account changes - Restrict LoU/guarantee issuance to preapproved contacts and thoroughly audit requests for urgency - Provide ongoing training on recognizing lookalike domains and phishing attempts among finance staff If Victimised: - Contact your bank and attempt to recall the payment immediately - Report the case at cybercrime.gov.in and call 1930 for guidance - Notify RBI and internal compliance teams; document all communication Related Scams: - Executive Impersonation SWIFT Fraud: Management email instructs surprise payments - Deep-Fake Vendor Calls: Fraudsters call posing as vendor representatives using AI-altered voices - Trade Finance Invoice Discounting Frauds

How This Scam Works — Detailed Explanation

The Vendor Bank Account Update SWIFT LoU Manipulation Scam primarily affects exporters and trading companies in India. Scammers leverage platforms like WhatsApp, posing as legitimate business contacts or procurement agents, often sending messages that resemble internal communications. They typically compromise email accounts of genuine vendors or register lookalike domains that closely mimic those of trusted partners. By this means, they initiate fraudulent communications to unsuspecting finance teams, instructing them to update payment details and redirect transactions to accounts controlled by the fraudsters. This tactic ensures that the initial approach appears credible and professional, convincing the victim to act without verification.

To exploit psychological triggers, scammers pressure their targets to act quickly by claiming compliance with fake regulatory needs or upcoming deadlines. For instance, they may state that a change in banking details is necessary for compliance with Reserve Bank of India (RBI) directives or to conclude an international trade contract. By shifting focus to urgency, they diminish critical thinking and challenge the fortified processes that staff might typically follow. Their messages often induce false reassurance of security and legitimacy, which compels finance teams to bypass standard dual-approval processes and to issue payments against Letters of Undertaking (LoUs) to new accounts under the impression they are fulfilling a usual business operation.

Once the victim falls prey to the scam, a series of unfortunate events unfold. Initially, the finance department receives a legitimate-sounding instruction to remit funds to an updated account. In India's trade sector, for example, a textile exporter might receive a message ostensibly from a fabric supplier to send a payment of ₹15 lakh to what appears to be a new foreign account. The finance team initiates a SWIFT transfer, believing they, in fact, have complied with the ethical and contractual obligations to the vendor. However, because these accounts are under the control of fraudsters, the money never reaches its intended destination, and the sender is left searching for answers.

The financial aftermath of such scams is staggering. Recent reports indicate that Indian businesses have lost over ₹100 crore to similar scams in the last year alone. While banks and government agencies like the Ministry of Home Affairs (MHA), the RBI, and CERT-In scramble to issue advisories and implement measures, fraudulent operations continue to proliferate. Victims often find themselves struggling to recover their funds once they’ve entered these illegitimate channels, as SWIFT transactions are irreversible, and tracking down the offenders can take considerable time and effort. Moreover, the fear of reputational damage from being associated with fraudulent transactions leads many companies to remain silent, thus allowing scammers to thrive in the shadows.

To identify legitimate communications, businesses must implement robust verification practices. Companies should maintain updated directories of their verified contacts and bank details, ensuring that any changes are verified through secondary channels, like a phone call to known contacts. Recognizing the common indicators of scams—such as minor discrepancies in email addresses or high-pressure requests for urgent action—can be invaluable in safeguarding company assets. Ensuring compliance with dual-approval protocols and instilling a culture of skeptical scrutiny can greatly reduce the odds of falling victim to these manipulative scams.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Vendor Bank Account Update SWIFT LoU Manipulation Scam Target?

General public across India

Red Flags — How to Identify Vendor Bank Account Update SWIFT LoU Manipulation Scam

• Payment update emails from nearly identical domains
• Pressure for rapid action tied to fake compliance or contracts
• Requests to issue LoU or SWIFT payments to entirely new bank accounts
• No confirmation with known vendor contacts
• Skipping dual-approval or call-back procedures

What To Do If You Encounter Vendor Bank Account Update SWIFT LoU Manipulation Scam

1. Report the scam immediately by calling the national cybercrime helpline at 1930 or visiting cybercrime.gov.in.
2. Verify any requests for payment updates against your company's standard procedures and with known contacts.
3. Ensure that all financial transfers undergo dual approval from separate team members.
4. Educate your finance and procurement teams about the potential risks associated with vendor communications.
5. Set up alerts for any unusual activity in your bank accounts or changes in vendor request patterns.
6. Consult with your bank's fraud department and follow their guidelines if you suspect you have processed a fraudulent transaction.

How to Report Vendor Bank Account Update SWIFT LoU Manipulation Scam in India

• Call 1930 — National Cyber Crime Helpline (24x7)
• File a complaint at cybercrime.gov.in
• Contact your bank immediately if money was lost
• Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my bank details in a Vendor Bank Account Update scam?

Immediately contact your bank helpline (SBI: 1800-11-1109, HDFC: 1800-202-6161) to report the potential fraud and request assistance.

How can I identify a Vendor Bank Account Update SWIFT LoU Manipulation Scam?

Check for payment requests from email addresses that closely resemble known vendors but have slight variations, and look for signs of urgency or compliance threats.

What are the steps to report this scam in India?

Report the scam by calling 1930, visiting cybercrime.gov.in, and following your bank's reporting procedure for fraudulent transactions.

How do I recover money or protect my account after this scam?

Contact your bank immediately to freeze any affected accounts and explore options for recovering the funds if sent to a scam account.

Related Scams in India

• Southeast Asian Job Offer Human Trafficking Trap
• Digital Arrest Scam Using Dark Web Data
• Forced-Task Scam Recruiting Indians
• Deep-Fake Emergency SWIFT Payment Scam
• Digital Arrest: Fake Police Call Extortion

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.