Wire fraud in international payments: Protect your business
Every year, Indian exporters and businesses lose significant sums to a scam most never see coming. A client emails with updated banking details. The invoice looks genuine. The email address appears familiar. You process the payment. The money disappears into a fraudster's account, and your real client never receives a rupee.
This is wire fraud. More specifically, it is a scheme called Business Email Compromise, or BEC. It has become one of the most financially damaging forms of cybercrime worldwide. Recent FBI Internet Crime Complaint Centre reports show that Business Email Compromise has generated over $2 billion in annual losses. Median losses per incident typically reach tens of thousands of dollars, and BEC attacks have shown continued double-digit year-on-year growth. For Indian exporters and freelancers receiving USD, GBP, or EUR, the exposure is real and rising.
Unlike chargeback fraud, where a buyer disputes a completed payment, wire fraud is a different threat entirely. The money leaves your client's account willingly, sent to a fraudster who has intercepted the conversation. By the time anyone realises what happened, the transfer has cleared.
How BEC wire fraud actually works
BEC scams target the payment stage of a business relationship. Fraudsters do not need to hack your bank. They exploit trust and timing instead.
A typical attack follows this sequence.
Step one: The attacker monitors email communication, either yours, your client's, or a supplier's. They study invoices, payment terms, and writing patterns. This reconnaissance phase can run for weeks.
Step two: They impersonate a known party, your overseas client, a supplier, or your own accounts team. The email looks authentic. Sometimes it comes from a domain with one character changed, such as "clientco-in.com" instead of "clientco.com". In other cases, the attacker has genuinely compromised the other party's inbox and sends from the real address.
Step three: The fraudulent email arrives near an invoice due date. It notifies you of a bank account change and asks you to redirect the upcoming payment to new details.
Step four: You process the wire. Funds land in the fraudster's account, often held in another country. Your real client never sees the money.
Step five: Your real client follows up about the unpaid invoice. By then, the transfer has already cleared. International wires are extremely difficult to reverse once settled.
This is why wire fraud is so damaging. Unlike a credit card payment, a wire transfer carries no built-in dispute mechanism. Once the money moves, the burden of recovery falls almost entirely on the victim.
Why Indian exporters and businesses are a target
Indian exporters and service businesses routinely transact in hard currency across borders. Many do this through informal channels: email threads, WhatsApp messages, and PDF invoices with no digital signature. These are exactly the gaps fraudsters use.
Several factors raise the risk. Payments tend to be large and in USD or GBP. Deals often involve overseas relationships, where calling to verify a bank change can feel awkward or presumptuous. Many SME exporters lack formal cybersecurity policies. Account details are changed via unprotected email with no verification step.
The timing also works against exporters. BEC attacks disproportionately target transactions at quarter-end, during busy seasons, or when key personnel are travelling or unavailable. These are exactly the periods when Indian exporters are most focused on getting paid quickly and are least likely to pause and verify.
Freelancers working with international clients face the same exposure. A developer in Bengaluru receiving a USD retainer from a US agency, or a graphic designer in Chennai sending revised bank details to a European client, can fall victim to the same BEC playbook as a mid-size exporter. Understanding the full range of payment scams targeting freelancers builds a stronger foundation for anyone earning internationally.
Real-world scenarios to recognise
These scenarios reflect patterns that play out repeatedly across Indian export and services businesses.
Scenario one: A textile exporter in Surat has a long-standing buyer in Germany. The buyer's email account is compromised. Two days before a large payment is due, a fraudster sends an email from the buyer's real address with updated bank details. The exporter processes the wire. The German buyer raises an overdue invoice query a week later. Funds are gone.
Scenario two: A software services company in Pune pays a US cloud infrastructure vendor monthly. A spoofed email arrives from "vendor-billing@cloudservices-inc.com", note the hyphen added to the domain. It requests an update to the mandate for the current month's invoice. The finance team updates the saved bank details without a verification call. Funds go to a mule account.
Scenario three: A UX designer in Hyderabad has a regular US client. An email arrived,s appearing to be from that client, citing an issue with the previous bank account. It asks the designer to resend their invoice with revised coordinates. The client, when chased, does not know the email.
All three share one thing. Email is the attack surface, and wire transfers are the objective.
Red flags you should not ignore
Stopping a BEC attack before the wire goes out is the only reliable defence. Train yourself and your team to recognise these warning signs.
Unsolicited bank account change requests. Any email asking you to update payment details should immediately raise concern. Legitimate clients and vendors rarely change bank accounts mid-relationship without prior conversation.
Urgency pressure. An email that says "please update and process today, the old account is being closed" is designed to prevent verification. Real clients do not demand same-day account changes with no notice.
Domain variations. Check sender addresses character by character. "winvestaa. in" and "winvesta-payments. in" are not the same as "winvesta.in". BEC attackers rely on you reading addresses at a glance rather than inspecting them closely.
Requests to move off email. Fraudsters sometimes shift the conversation to WhatsApp or SMS to bypass email security tools and create a channel with no audit trail. Any such request should prompt immediate caution.
Invoice detail mismatches. If the account number, SWIFT/BIC code, or beneficiary name on an invoice differs from what you have saved, do not process it until you verify directly by phone using a number you already have on file.
Shifts in tone or writing style. A change in phrasing, unexpected formality, or subtle grammatical errors in otherwise professional communication can signal a compromised or spoofed account.
What to do if you've been hit
Speed is the single most important factor. Funds can sometimes be frozen if you act within hours of realising the transfer was fraudulent.
Call your bank immediately. Request a wire recall. International recalls are not guaranteed, but acting within the first few hours gives you the best realistic chance of a freeze or return.
Report to the Indian Cyber Crime Reporting Portal at cybercrime.gov.in. You can also call the helpline at 1930, the national cyber-financial fraud helpline operated by the Ministry of Home Affairs.
File an FIR at your nearest police station for cheating and online impersonation under the relevant provisions of the Bharatiya Nyaya Sanhita (BNS 2024). Sections such as 318 and 319 may apply; a legal adviser can confirm which provisions fit your specific case.
Notify your overseas client or partner immediately. If their email was compromised, they need to secure their account and alert others before the attacker uses the same access again.
Preserve every piece of evidence. Save full email threads, including message headers. Screenshot your payment portal confirmation. Document timestamps and communication details. This record is essential for legal proceedings and any insurance or bank escalation.
Industry surveys suggest that only a minority of businesses recover most of the funds lost to payment fraud, even when they report quickly. The recovery window is narrow, and the chances shrink the longer the action is delayed. For businesses that regularly receive international payments via SWIFT, understanding how wire recalls and correspondent bank channels work can give you a critical head start when time matters. Our guide to SWIFT transfers for Indian exporters covers this in detail.
Building a fraud-resistant payment process
Strong prevention does not require complex systems. It requires consistent habits applied to every payment.
Verify all account changes by phone. Before updating any saved payment details, call the client or supplier at a number you have independently verified, not one included in the suspicious email. This single step blocks the large majority of BEC attacks.
Create a fixed protocol for confirming payment details. When you onboard a new client, confirm their bank details in writing and lock them. Treat any future change request as requiring video call confirmation or a signed document before you act.
Require two people to approve unusual payments. If your team has more than one person, no single individual should be able to update payment details and process a transfer without a second review. Fraudsters specifically target businesses where one person processes payments without anyone checking their work.
Digitally sign your invoices. A signed PDF is meaningfully harder to tamper with mid-email thread than a plain attachment. Where possible, use invoicing tools that embed a verifiable signature.
Use a dedicated collection account with stable, fixed details. This is where Winvesta's Global Currency Account makes a practical difference. With a GCA, you receive a dedicated local account number in the US, UK, or Europe, a fixed identity that your clients save and reuse each time they pay you. Because the account number is stable and tied to a verified entity, there is no legitimate reason for it ever to change mid-relationship.
Any email asking a client to redirect funds away from your verified GCA number becomes immediately suspicious, to both you and them. Every payment into your GCA is also documented with full transaction records, FIRA, and e-FIRC, giving you a verifiable audit trail for any dispute, compliance review, or legal escalation.
For freelancers, the same logic applies. A fixed, documented account number is a cleaner, safer way to receive international payments than sharing coordinates via email with each invoice. If you don't already have a Winvesta Global Currency Account, you can open one at winvesta. i. The setup takes a few minutes, and you'll receive dedicated local account details for the US, UK, and Europe.
Keep payment instructions out of regular email threads. Share your account details through a stable portal link or your Winvesta dashboard reference, something your client bookmarks once and returns to. The less often bank details change hands via email, the smaller the attack surface.
What is changing in 2026
BEC scams are actively evolving. Recent surveys of treasury and finance professionals report increasing use of AI-generated voice and video deepfakes in payments fraud, where attackers impersonate executives or clients to push through urgent wire transfers. A fraudster can now generate a near-convincing imitation of someone's voice using publicly available audio, making even a phone call less reliable as a sole verification method.
The most durable protection is a payment process with fewer variables. When your banking details do not change, when every payment follows a documented path, and when your clients know exactly where to send money, fraud has less room to operate. Verification habits, fixed account structures, and a team culture where no one processes an unusual payment alone are the foundations that hold up even as attack methods evolve.
A Winvesta Global Currency Account gives you a fixed, verified collection identity in USD, GBP, and EUR, the kind of stable payment structure that removes most of the friction fraudsters exploit. Open your Winvesta account at winvesta. And take one of the most practical steps available to protect your international payments.
Fraud thrives in confusion and urgency. Remove both, and you remove most of the risk.
Disclaimer: The information provided in this blog is for general informational purposes only and does not constitute financial or legal advice. Winvesta makes no representations or warranties about the accuracy or suitability of the content and recommends consulting a professional before making any financial decisions.
Get paid globally. Keep more of it.
No FX markups. No GST. Funds in 1 day.
Every year, Indian exporters and businesses lose significant sums to a scam most never see coming. A client emails with updated banking details. The invoice looks genuine. The email address appears familiar. You process the payment. The money disappears into a fraudster's account, and your real client never receives a rupee.
This is wire fraud. More specifically, it is a scheme called Business Email Compromise, or BEC. It has become one of the most financially damaging forms of cybercrime worldwide. Recent FBI Internet Crime Complaint Centre reports show that Business Email Compromise has generated over $2 billion in annual losses. Median losses per incident typically reach tens of thousands of dollars, and BEC attacks have shown continued double-digit year-on-year growth. For Indian exporters and freelancers receiving USD, GBP, or EUR, the exposure is real and rising.
Unlike chargeback fraud, where a buyer disputes a completed payment, wire fraud is a different threat entirely. The money leaves your client's account willingly, sent to a fraudster who has intercepted the conversation. By the time anyone realises what happened, the transfer has cleared.
How BEC wire fraud actually works
BEC scams target the payment stage of a business relationship. Fraudsters do not need to hack your bank. They exploit trust and timing instead.
A typical attack follows this sequence.
Step one: The attacker monitors email communication, either yours, your client's, or a supplier's. They study invoices, payment terms, and writing patterns. This reconnaissance phase can run for weeks.
Step two: They impersonate a known party, your overseas client, a supplier, or your own accounts team. The email looks authentic. Sometimes it comes from a domain with one character changed, such as "clientco-in.com" instead of "clientco.com". In other cases, the attacker has genuinely compromised the other party's inbox and sends from the real address.
Step three: The fraudulent email arrives near an invoice due date. It notifies you of a bank account change and asks you to redirect the upcoming payment to new details.
Step four: You process the wire. Funds land in the fraudster's account, often held in another country. Your real client never sees the money.
Step five: Your real client follows up about the unpaid invoice. By then, the transfer has already cleared. International wires are extremely difficult to reverse once settled.
This is why wire fraud is so damaging. Unlike a credit card payment, a wire transfer carries no built-in dispute mechanism. Once the money moves, the burden of recovery falls almost entirely on the victim.
Why Indian exporters and businesses are a target
Indian exporters and service businesses routinely transact in hard currency across borders. Many do this through informal channels: email threads, WhatsApp messages, and PDF invoices with no digital signature. These are exactly the gaps fraudsters use.
Several factors raise the risk. Payments tend to be large and in USD or GBP. Deals often involve overseas relationships, where calling to verify a bank change can feel awkward or presumptuous. Many SME exporters lack formal cybersecurity policies. Account details are changed via unprotected email with no verification step.
The timing also works against exporters. BEC attacks disproportionately target transactions at quarter-end, during busy seasons, or when key personnel are travelling or unavailable. These are exactly the periods when Indian exporters are most focused on getting paid quickly and are least likely to pause and verify.
Freelancers working with international clients face the same exposure. A developer in Bengaluru receiving a USD retainer from a US agency, or a graphic designer in Chennai sending revised bank details to a European client, can fall victim to the same BEC playbook as a mid-size exporter. Understanding the full range of payment scams targeting freelancers builds a stronger foundation for anyone earning internationally.
Real-world scenarios to recognise
These scenarios reflect patterns that play out repeatedly across Indian export and services businesses.
Scenario one: A textile exporter in Surat has a long-standing buyer in Germany. The buyer's email account is compromised. Two days before a large payment is due, a fraudster sends an email from the buyer's real address with updated bank details. The exporter processes the wire. The German buyer raises an overdue invoice query a week later. Funds are gone.
Scenario two: A software services company in Pune pays a US cloud infrastructure vendor monthly. A spoofed email arrives from "vendor-billing@cloudservices-inc.com", note the hyphen added to the domain. It requests an update to the mandate for the current month's invoice. The finance team updates the saved bank details without a verification call. Funds go to a mule account.
Scenario three: A UX designer in Hyderabad has a regular US client. An email arrived,s appearing to be from that client, citing an issue with the previous bank account. It asks the designer to resend their invoice with revised coordinates. The client, when chased, does not know the email.
All three share one thing. Email is the attack surface, and wire transfers are the objective.
Red flags you should not ignore
Stopping a BEC attack before the wire goes out is the only reliable defence. Train yourself and your team to recognise these warning signs.
Unsolicited bank account change requests. Any email asking you to update payment details should immediately raise concern. Legitimate clients and vendors rarely change bank accounts mid-relationship without prior conversation.
Urgency pressure. An email that says "please update and process today, the old account is being closed" is designed to prevent verification. Real clients do not demand same-day account changes with no notice.
Domain variations. Check sender addresses character by character. "winvestaa. in" and "winvesta-payments. in" are not the same as "winvesta.in". BEC attackers rely on you reading addresses at a glance rather than inspecting them closely.
Requests to move off email. Fraudsters sometimes shift the conversation to WhatsApp or SMS to bypass email security tools and create a channel with no audit trail. Any such request should prompt immediate caution.
Invoice detail mismatches. If the account number, SWIFT/BIC code, or beneficiary name on an invoice differs from what you have saved, do not process it until you verify directly by phone using a number you already have on file.
Shifts in tone or writing style. A change in phrasing, unexpected formality, or subtle grammatical errors in otherwise professional communication can signal a compromised or spoofed account.
What to do if you've been hit
Speed is the single most important factor. Funds can sometimes be frozen if you act within hours of realising the transfer was fraudulent.
Call your bank immediately. Request a wire recall. International recalls are not guaranteed, but acting within the first few hours gives you the best realistic chance of a freeze or return.
Report to the Indian Cyber Crime Reporting Portal at cybercrime.gov.in. You can also call the helpline at 1930, the national cyber-financial fraud helpline operated by the Ministry of Home Affairs.
File an FIR at your nearest police station for cheating and online impersonation under the relevant provisions of the Bharatiya Nyaya Sanhita (BNS 2024). Sections such as 318 and 319 may apply; a legal adviser can confirm which provisions fit your specific case.
Notify your overseas client or partner immediately. If their email was compromised, they need to secure their account and alert others before the attacker uses the same access again.
Preserve every piece of evidence. Save full email threads, including message headers. Screenshot your payment portal confirmation. Document timestamps and communication details. This record is essential for legal proceedings and any insurance or bank escalation.
Industry surveys suggest that only a minority of businesses recover most of the funds lost to payment fraud, even when they report quickly. The recovery window is narrow, and the chances shrink the longer the action is delayed. For businesses that regularly receive international payments via SWIFT, understanding how wire recalls and correspondent bank channels work can give you a critical head start when time matters. Our guide to SWIFT transfers for Indian exporters covers this in detail.
Building a fraud-resistant payment process
Strong prevention does not require complex systems. It requires consistent habits applied to every payment.
Verify all account changes by phone. Before updating any saved payment details, call the client or supplier at a number you have independently verified, not one included in the suspicious email. This single step blocks the large majority of BEC attacks.
Create a fixed protocol for confirming payment details. When you onboard a new client, confirm their bank details in writing and lock them. Treat any future change request as requiring video call confirmation or a signed document before you act.
Require two people to approve unusual payments. If your team has more than one person, no single individual should be able to update payment details and process a transfer without a second review. Fraudsters specifically target businesses where one person processes payments without anyone checking their work.
Digitally sign your invoices. A signed PDF is meaningfully harder to tamper with mid-email thread than a plain attachment. Where possible, use invoicing tools that embed a verifiable signature.
Use a dedicated collection account with stable, fixed details. This is where Winvesta's Global Currency Account makes a practical difference. With a GCA, you receive a dedicated local account number in the US, UK, or Europe, a fixed identity that your clients save and reuse each time they pay you. Because the account number is stable and tied to a verified entity, there is no legitimate reason for it ever to change mid-relationship.
Any email asking a client to redirect funds away from your verified GCA number becomes immediately suspicious, to both you and them. Every payment into your GCA is also documented with full transaction records, FIRA, and e-FIRC, giving you a verifiable audit trail for any dispute, compliance review, or legal escalation.
For freelancers, the same logic applies. A fixed, documented account number is a cleaner, safer way to receive international payments than sharing coordinates via email with each invoice. If you don't already have a Winvesta Global Currency Account, you can open one at winvesta. i. The setup takes a few minutes, and you'll receive dedicated local account details for the US, UK, and Europe.
Keep payment instructions out of regular email threads. Share your account details through a stable portal link or your Winvesta dashboard reference, something your client bookmarks once and returns to. The less often bank details change hands via email, the smaller the attack surface.
What is changing in 2026
BEC scams are actively evolving. Recent surveys of treasury and finance professionals report increasing use of AI-generated voice and video deepfakes in payments fraud, where attackers impersonate executives or clients to push through urgent wire transfers. A fraudster can now generate a near-convincing imitation of someone's voice using publicly available audio, making even a phone call less reliable as a sole verification method.
The most durable protection is a payment process with fewer variables. When your banking details do not change, when every payment follows a documented path, and when your clients know exactly where to send money, fraud has less room to operate. Verification habits, fixed account structures, and a team culture where no one processes an unusual payment alone are the foundations that hold up even as attack methods evolve.
A Winvesta Global Currency Account gives you a fixed, verified collection identity in USD, GBP, and EUR, the kind of stable payment structure that removes most of the friction fraudsters exploit. Open your Winvesta account at winvesta. And take one of the most practical steps available to protect your international payments.
Fraud thrives in confusion and urgency. Remove both, and you remove most of the risk.
Disclaimer: The information provided in this blog is for general informational purposes only and does not constitute financial or legal advice. Winvesta makes no representations or warranties about the accuracy or suitability of the content and recommends consulting a professional before making any financial decisions.
Get paid globally. Keep more of it.
No FX markups. No GST. Funds in 1 day.
