📞 Helpline No: 9311159707, 7859999944

Akhil Bhartiya Cyber Suraksha Sangathan (Regd.)

Regd. with Registrar of Society of NCT Delhi-Regd. No-287

Protection from Cyber Criminals, Defence of Digital India

India's first cyber crime investigation NGO

Stay alert online, stay safe from cyber crime
www.abcss.org
Email: [email protected]
Amit Malhotra – Cyber Crime Investigation Specialist

Founder Akhil Bhartiya Cyber Suraksha Sangathan

18 years of experience in crime prevention, detection and investigation. Certified Ethical Hacker from EC-Council. Certified Cyber Crime Investigator from Asian School of Cyber Laws. Presently working in the area of cyber crime investigation.

📧 BUSINESS EMAIL COMPROMISE (BEC) — OVERVIEW
Business Email Compromise (BEC) is one of the most financially devastating cyber crimes targeting organisations, businesses, and individuals worldwide. In a BEC attack, criminals impersonate a trusted person — such as a CEO, senior manager, vendor, lawyer or business partner — using a fake or hacked email account to trick employees into transferring large sums of money or sharing sensitive confidential data. Unlike phishing, BEC attacks are highly targeted, well-researched, and do not rely on malware. Indian companies, startups, exporters and NGOs have lost crores of rupees to BEC fraud. Every employee who handles payments, invoices or confidential information must be aware of this threat.

⚠️ Common Methods Used

  • CEO / boss impersonation via spoofed email
  • Hacking into real business email accounts
  • Fake vendor invoice with changed bank details
  • Lawyer impersonation for urgent fund transfers
  • Domain spoofing (e.g. [email protected])
  • Man-in-the-middle email interception
  • Requesting W-2, employee or tax data via email
  • Fake HR emails asking for payroll redirection

✅ How to Protect Your Organisation

  • Always verify fund transfer requests via phone call
  • Set up multi-person approval for all large payments
  • Enable Multi-Factor Authentication (MFA) on all email accounts
  • Check sender email address carefully — not just display name
  • Never change vendor bank details based on email alone
  • Train all employees to recognise BEC red flags
  • Use email authentication tools — DMARC, DKIM, SPF
  • Establish a verbal call-back policy for all wire transfers

🚨 If Your Organisation Is a Victim

  • Contact your bank immediately — request a wire transfer recall before funds are moved further
  • Call National Cyber Helpline 1930 without delay — faster action improves recovery chances
  • File a complaint at cybercrime.gov.in with all email headers, transaction details and account numbers
  • File FIR at nearest Cyber Crime Cell — bring all email evidence, transaction receipts and communication records
  • Alert your IT department to check if any email account was compromised or hacked
  • Preserve all emails, email headers, chat logs and bank transfer records as evidence
  • Notify your senior management, legal team and cyber insurance provider immediately
  • Do NOT inform the fraudster that you have discovered the scam

🔍 Types of Business Email Compromise

👔 CEO Fraud / Boss Impersonation

Criminals spoof or hack the CEO's or MD's email and send urgent messages to finance employees requesting immediate wire transfers to a "confidential" account. The urgency and authority of the sender pressures employees to bypass normal approval processes.

📄 Fake Vendor / Supplier Invoice Scam

Attackers compromise or impersonate a trusted vendor's email and send a legitimate-looking invoice with updated bank account details. Payments are redirected to the fraudster's account. This is the most common BEC attack in India targeting exporters and importers.

⚖️ Lawyer / Legal Counsel Impersonation

Fraudsters pose as lawyers, company solicitors or legal advisors and contact employees about a "confidential merger, acquisition or legal settlement" requiring urgent fund transfer. They exploit the seriousness of legal matters to prevent victims from double-checking.

🏦 Account Compromise (Hacked Email)

Criminals gain access to a legitimate employee or executive's actual email account through phishing or credential theft. They then monitor internal communications for weeks, study payment patterns, and strike at the right moment with a convincing fund transfer request.

💼 Payroll Diversion Fraud

Attackers impersonate an employee and email the HR or payroll department requesting a change of bank account details for salary payment. The next payroll cycle deposits the victim's salary directly into the fraudster's account.

🌐 Domain Spoofing & Lookalike Email

Criminals register domain names nearly identical to a legitimate company (e.g. company-india.com vs companyindia.com) and send emails that appear genuine at first glance. Victims who don't check the full email address carefully are easily deceived.
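
The checks listed under "How to Protect Your Organisation" (look at the sender address and not just the display name; use SPF, DKIM and DMARC) and the lookalike-domain case above can be automated on incoming mail. The following Python is an added example, not part of the original page; the trusted-domain list, the sample message and the function names are assumptions made for illustration.

```python
import email
import re
from email.utils import parseaddr

TRUSTED = {"companyindia.com"}  # assumption: domains you and your vendors really use

SAMPLE = (  # constructed message for illustration, not real traffic
    'From: "cfo@companyindia.com" <cfo@company-india.com>\n'
    "Reply-To: payments@mailbox.example\n"
    "Subject: Updated bank details for invoice\n"
    "Authentication-Results: mx.companyindia.com; spf=pass; dkim=none; dmarc=fail\n"
    "\nPlease process today.\n"
)

def edit_distance(a, b):  # Levenshtein distance, computed one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_flags(raw, trusted=TRUSTED):
    """Return the list of BEC red flags found in one raw message."""
    msg = email.message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    dom, flags = domain_of(addr), []
    # 1. Sender domain is not trusted but is within two edits of one that is.
    if dom not in trusted:
        flags += [f"lookalike-domain:{dom}~{t}" for t in sorted(trusted)
                  if edit_distance(dom, t) <= 2]
    # 2. Display name shows an address from a different domain than the sender.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and domain_of(shown.group()) != dom:
        flags.append("display-name-address-mismatch")
    # 3. Replies would go to a different domain than the visible sender.
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and domain_of(reply) != dom:
        flags.append("reply-to-domain-mismatch")
    # 4. SPF / DKIM / DMARC verdicts recorded by the receiving mail server.
    results = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", results)
        if not m or m.group(1).lower() != "pass":
            flags.append(f"{mech}-not-pass")
    return flags
```

Only an Authentication-Results header stamped by your own mail server should be trusted, since a sender can insert one of their own. The two-edit threshold will also match unrelated short domains, so treat a flag as a prompt for the phone call-back rather than as proof of fraud.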

🗂️ Data Theft BEC (W-2 & Tax Fraud)

Instead of requesting money, attackers impersonate executives and ask HR or finance employees to email employee records, tax documents, salary details, PAN/Aadhaar data or banking information — which is then used for identity theft or sold on the dark web.

🔗 Man-in-the-Email Attack

After compromising a business email account, criminals silently monitor an ongoing payment negotiation between two parties. At the right moment, they intercept the conversation, introduce fraudulent banking details, and divert the payment — without either party suspecting anything.

⚖️ APPLICABLE LAWS
IT Act Sec 43 | IT Act Sec 66 | IT Act Sec 66C | IT Act Sec 66D | IPC 419 | IPC 420 | IPC 465 | IPC 468 | IPC 120B

IT Act Section 43: Penalty for unauthorized access to computer systems and email accounts — compensation up to ₹1 crore. Applicable when attackers hack into business email accounts.

IT Act Section 66: Computer-related offences including dishonest or fraudulent use of computer systems — up to 3 years imprisonment and/or fine. Applicable to all BEC attackers.

IT Act Section 66C: Identity theft using electronic means including email impersonation — up to 3 years imprisonment + ₹1 lakh fine.

IT Act Section 66D: Cheating by personation using computer resources — up to 3 years imprisonment + ₹1 lakh fine. Directly applicable to CEO fraud and vendor impersonation.

IPC 419: Punishment for cheating by personation — up to 3 years imprisonment + fine. Applicable when criminals impersonate executives, vendors or lawyers.

IPC 420: Cheating and dishonestly inducing delivery of property or funds — up to 7 years imprisonment + fine. Primary section applied in BEC fund transfer fraud.

IPC 465 & 468: Forgery and forgery for purpose of cheating — up to 7 years imprisonment + fine. Applicable to fake invoice and document fraud in BEC attacks.

IPC 120B: Criminal conspiracy — when organised groups or syndicates operate BEC campaigns, all involved members are liable under conspiracy charges.