WhatsApp Web Session Hijack Scheme
Verdict: Suspicious | Risk Score: 8/10 | Severity: high
Category: UPI, WhatsApp, Remote Access
How WhatsApp Web Session Hijack Scheme Works
Overview: In this alarming scam, cybercriminals hijack active WhatsApp Web sessions of senior employees or executives, enabling them to send convincing messages from verified accounts. Victims are usually trusted corporate staff who handle payments or internal communications. Because the attack leverages an official account and an ongoing WhatsApp Web session, even well-trained employees can fall for this fraud, resulting in major financial losses for Indian businesses.
How It Works: Fraudsters gain remote or physical access to an office computer where the executive’s WhatsApp Web is logged in. They wait until the real user is absent or away. Then, using the web interface, the attacker impersonates the executive and initiates urgent fund transfer requests to colleagues, often the finance team. The scammer stresses urgency (“Cannot speak, in a confidential meeting”) and provides the bank account to which funds must be transferred. The staffer, seeing messages come from a legitimate session, often acts immediately. Withdrawals are usually processed via ATM, UPI, or laundered into crypto.
India Angle: Indian organisations, especially in major metros and tier-1 cities, are at high risk due to heavy WhatsApp usage for internal communications. Sectors like manufacturing, export, and IT/ITES are prime targets, especially where information security is weak. Companies in Gujarat, Maharashtra, and Karnataka have reported major incidents. The scam is facilitated by poor cybersecurity hygiene, widespread WhatsApp Web reliance, and inadequate device monitoring.
Real Examples:
- In Ahmedabad, the accounts department receives a WhatsApp ping from the managing director: “Urgent—transfer ₹50 lakh to this partner account. Will explain later, cannot talk now.”
- A Mumbai HR executive gets a message: “Use your access to initiate transfer. Please don’t call, secret discussion ongoing.”
Red Flags:
- Messages from the right WhatsApp account, but style or wording feels abrupt or unnatural.
- Urgent fund requests timed during the executive’s absence or outstation trip.
- New bank accounts given with no prior context.
- Immediate secrecy or avoidance of further discussion.
Protective Measures:
- Log out of all WhatsApp Web sessions on shared/office devices after each use.
- Use computer protection tools—antivirus, firewall, and regular updates.
- Never approve large transfers based solely on WhatsApp or chat; call to confirm.
- Educate staff about this scam through regular awareness campaigns.
If Victimised:
- Immediately contact the cybercrime helpline (1930), and file an online complaint at cybercrime.gov.in.
- Notify your bank to freeze transactions and alert RBI for redressal.
- Revoke WhatsApp sessions company-wide; change all vulnerable passwords.
Related Scams:
- Remote control software fraud (criminals use TeamViewer/AnyDesk to gain access).
- Business Email Compromise (BEC) scams, where criminals use compromised email accounts for similar fraud.
- Internal HR impersonation for payroll diversion.
How This Scam Works — Detailed Explanation
In the WhatsApp Web Session Hijack Scheme, cybercriminals typically initiate their attack by first identifying senior employees or executives who handle significant corporate transactions. Using phishing techniques, they might compromise email accounts or other forms of communication with malware to access sensitive information. Once they acquire personal or work-related data, they create a deceptive clone of the victim's identity, enabling them to impersonate the victim seamlessly on WhatsApp Web. This impersonation is particularly effective in India, where businesses often rely on platforms like WhatsApp for internal communications and instant transfers via UPI (Unified Payments Interface).
The tactics deployed by these fraudsters play heavily on the psychology of urgency and familiarity. They often send out messages that appear to be from the executive's verified WhatsApp account, which increases the likelihood of the recipient responding without thorough scrutiny. Commonly, they will send urgent payment requests, insisting that they be completed outside of regular corporate protocol, thereby bypassing usual verification channels. This method manipulates trust, as employees naturally respond to directives from their superiors; the timing of these messages may also coincide with odd hours when the executive is less likely to be reachable, preventing the identification of any discrepancies.
Once the victim is manipulated into believing they are interacting with their superior, the steps leading to financial loss commence. For example, an employee may receive a message from what seems to be their CFO, urgently requesting a UPI transfer to an account that is unfamiliar. With a sense of pressure and the belief that they are simply following protocol, the employee may proceed with the transfer without double-checking or asking for further clarification. A stark example occurred in 2021, when a tech firm in Bengaluru reported a loss of ₹5 crore due to such tactics, emphasizing the severity of the threat within corporate environments.
The impact of this scheme is felt across India. Cybercrime allegations are on the rise, with entities like the Ministry of Home Affairs (MHA) and the Reserve Bank of India (RBI) continuously issuing guidelines and warnings about the vulnerabilities posed by such scams. CERT-In has reported a surge in cybercrime incidents, with billions of rupees lost annually. Victims frequently face not only financial loss but also reputational damage to their companies, as failure to secure corporate finances can lead to major trust issues among clients and suppliers alike.
To differentiate between this scam and legitimate communications, one needs to be vigilant about several telltale signs. If a senior executive's WhatsApp Web account shows as active but the owner cannot be reached, that’s a red flag. Additionally, if there's a request for urgent payments that bypass normal workflow, or if messages come through at odd hours when the executive is typically unavailable, these should raise suspicion. Furthermore, if unfamiliar account numbers are provided for transfers, always double-check using established communication channels before proceeding, as this may indicate a potential hijack.
Who Does WhatsApp Web Session Hijack Scheme Target?
General public across India
Red Flags — How to Identify WhatsApp Web Session Hijack Scheme
- Executive's WhatsApp Web shows active but owner is unreachable
- Urgent payment demand without usual workflow steps
- Messages at odd hours or when executive is unavailable
- Unfamiliar account numbers for transfers
What To Do If You Encounter WhatsApp Web Session Hijack Scheme
- Report the incident to the cybercrime helpline at 1930 immediately.
- Contact your bank's customer service to alert them of potential fraud.
- Verify any unusual transactions with your superior through another communication channel.
- Change your WhatsApp password and enable two-step verification to protect your account.
- Educate your colleagues about this scam to prevent future incidents.
How to Report WhatsApp Web Session Hijack Scheme in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What should I do if I received a suspicious payment request on WhatsApp?
- Immediately verify the request through a separate communication channel with the sender. If it seems fraudulent, report it to your bank and contact 1930 for further assistance.
- How can I tell if my WhatsApp account is compromised?
- If you notice messages being sent without your knowledge or you receive login alerts from unrecognized devices, your account may be compromised.
- Where do I report a WhatsApp scam in India?
- Report the scam to the cybercrime helpline at 1930 or file a report at cybercrime.gov.in. It's also advisable to inform your bank about any financial aspects involved.
- How can I recover money after falling victim to this scam?
- Contact your bank’s customer service to see if the transaction can be reversed. Report the scam to authorities via 1930 or cybercrime.gov.in to increase your chances of recovery.