Fake IT Job Offer Scams in India 2026: Inside the TCS / Infosys / Accenture Impersonation

Published: 22 May 2026 9 min read By ScanTotal Security Team
Last reviewed: 22 May 2026 by Kumari Rajapaksha, Founder, ScanTotal

The message arrives at the worst possible moment. You’ve been job-hunting for three months. Your LinkedIn shows “Open to work”. You’ve applied everywhere. Today, on Telegram, a message: “Hi, this is Priya from TCS HR. Your profile has been shortlisted for the Java Developer role at ₹9 LPA. Can we schedule an interview tomorrow?”

For someone in their first or second year out of college, this is the message they’ve been waiting for. For someone laid off in the 2024-2025 IT slowdown, even more so. The salary is plausible. The brand is real. The recruiter is friendly. By the time the “registration fee” comes up, usually 24-48 hours later, after a fake interview and a fake offer letter on company letterhead, the victim is emotionally invested. They pay. Sometimes ₹3,000, sometimes ₹25,000.

This guide walks through how the fake-IT-job-offer scam actually works in 2026, what real Indian IT-services recruitment looks like, the four signals that catch the scam every time, and what to do if you’ve already paid.

What the scam looks like end-to-end

Three redacted opening messages from real submissions over the past three months:

Hi, This is HR Anjali from Infosys Pvt Ltd, Bangalore. Your CV matches our requirement for Junior Software Engineer Package: 6.5 LPA + Bonus Joining: Within 7 days Reply YES to continue - Sent on Telegram from @infosys_hr_official_2026
Greetings from TCS HR Team We are pleased to inform you that your profile has been short-listed for an immediate opening. Designation: System Engineer Trainee. CTC: ₹ 9.2 LPA Send your details on this number on WhatsApp: +91 9X XXXX XXXX
Accenture HR, Mumbai Subject: Final Round Interview Dear Candidate, we are conducting walk-in interviews for the role of Associate Software Engineer. A refundable security deposit of ₹ 4,500 is required to confirm your slot. HR Manish · @accenture_jobs_in

The brand changes. The salary changes. The Telegram or WhatsApp number changes. The structure of the conversation does not. The opening message creates a sense of opportunity and time pressure. The follow-up adds detail and apparent professionalism, a fake interview slot, fake panel questions, sometimes even a brief mock video call. The closing ask, always near the end, is for money, framed as a “refundable” deposit, a “registration” fee, a “laptop security” fee, or a “background verification” fee.

How real Indian IT-services recruitment actually works

The single most important fact: no legitimate Indian IT-services employer asks a candidate for money at any stage. Not before the interview, not before the offer letter, not on the day of joining. The cost of hiring is borne entirely by the employer. This is the same across TCS, Infosys, Wipro, HCL, Tech Mahindra, Cognizant, Capgemini, Accenture, IBM India, and every other established services or consulting firm operating in India.

The actual hiring flow for a Tier-1 Indian IT-services firm looks like this:

  1. Sourcing. Either you apply through the company’s official careers portal (careers.tcs.com, infosys.com/careers, accenture.com/in-en/careers) or a recruiter from the company contacts you. If contact is initiated by them, it’s almost always through LinkedIn first, occasionally followed up by email from a corporate domain.
  2. Application screening. You submit a CV through the portal. There’s usually a short online assessment, aptitude, coding, sometimes a personality test, conducted through the company’s assessment platform (HirePro, Mettl, HackerEarth Workforce, or the company’s own).
  3. Interview rounds. One to three rounds, depending on the role. Initial rounds are often virtual via Microsoft Teams or the company’s preferred platform (sent from a corporate email with a real meeting link). Final rounds may be in person at a campus.
  4. Offer. An offer letter from an HR address on a corporate domain, on letterhead, digitally signed, with the full CTC breakdown.
  5. Background verification. Handled by an empanelled BGV partner (First Advantage, AuthBridge, IDfy) who contacts you directly from their own corporate domain. You never pay them. The cost is paid by the employer.
  6. Joining. You receive a joining kit, get set up on company systems, and start. No money has changed hands in your direction.

If anyone at any point in this flow asks you for money, the entire conversation is fraudulent, regardless of whether the rest of the process looked legitimate.

The four signals that catch every variant

1The money ask

This is the only signal that catches every variant, because every variant ends in a money ask. The exact framing varies, “refundable security deposit”, “registration fee”, “laptop fee”, “document verification fee”, “onboarding fee”. The amount varies from ₹1,500 to ₹50,000. Real Indian IT-services employers do not ask for any of these. If the conversation is heading toward a payment from you to them, it is not a real recruitment.

2The contact channel

Real recruiters work from corporate emails on the company’s registered domain, @tcs.com, @infosys.com, @accenture.com, @wipro.com, @cognizant.com. Initial outreach may happen on LinkedIn or by email but rarely on WhatsApp and almost never on Telegram. If a recruiter who claims to be from TCS is messaging you from a personal Gmail address or from a Telegram handle like @tcs_hr_official_2026, you are not speaking to TCS. Real HR people are also happy to be verified through the company’s public switchboard, you can call the published number, ask for the person by name, and confirm they actually work there.

3The offer-letter format

A real Indian IT-services offer letter arrives by email from an HR address on the corporate domain, on letterhead with the company’s registered office address, digitally signed via DocuSign, Adobe Sign, or the company’s own e-signature platform. It has the CTC broken into line items, mentions the joining location, reporting manager (or grade), and contains the company’s CIN, PAN, and GSTIN at the footer. Scam offer letters often have typos in the company name (“Tata Consultance Services”, “Infohsys”, “Accent ure”), are sent from Gmail or Yahoo addresses, use a logo image clearly resized in Word, and instruct you to pay a fee to a personal UPI ID before the offer becomes “active”.

4The timeline pressure

Real Indian IT-services hiring runs on the employer’s timeline, not the candidate’s. There is no genuine reason for a real HR person to need you to decide in 24 hours, pay in 6 hours, or join in 3 days. Scams use artificial deadlines because pressure short-circuits verification. If you’re being told to confirm payment before the “slot closes” tomorrow morning, pause, that pressure is itself the strongest evidence the offer is not real.

What the scam does once you pay

Variant 1, the one-shot. You pay the “registration fee”. The recruiter goes silent. Telegram handle deleted. WhatsApp number unreachable. The fake email address bounces. You realise after a few days that you’ve been had.

Variant 2, the escalation. You pay the registration fee. The next day, “HR” tells you there’s a “background verification” fee. You pay that. The day after, a “laptop security deposit”. Then a “tax pre-payment”. The escalation continues until you stop paying. The total fleeced from a single victim regularly reaches ₹30,000-₹1,00,000 in confirmed cases.

Variant 3, the credential harvest. The fake “onboarding portal” asks for your PAN, Aadhaar, bank account number, IFSC, voter ID, and a scan of your passport for “document verification”. The money grab is small or absent, the real value is the identity-document set, which gets sold or used in synthetic-identity fraud against you later.

Variant 4, the money-mule recruitment. The “job” turns out to be an “internship” where your first task is to receive money in your bank account and forward it to another account “to test the payment system”. The funds are stolen. Your account becomes part of an active fraud chain. When law enforcement traces the proceeds back, your account is the one frozen and you’re the one being investigated.

Variant 4 is the worst-case outcome. It can be hard to prove afterwards that you were a victim and not a participant. If a job involves processing money through your personal bank account on your second day, before you have any employment contract, employee ID, or company-bank-account access, refuse and stop responding immediately.

How to verify a real offer in three minutes

The verification flow takes three minutes and catches every scam:

  1. Look up the company’s real website independently (open a fresh browser tab, search the brand name, click the top organic result). Find the “Careers” or “Contact” section.
  2. Find the company’s switchboard or careers helpline. TCS: +91 22 6778 9999. Infosys: +91 80 2852 0261. Accenture India: +91 80 4109 0000. Wipro: +91 80 2844 0011. (Always verify the current number on the company’s own website.)
  3. Call the switchboard. Ask the receptionist to put you through to HR. Give the recruiter’s claimed name and ask whether they work there. If they don’t, you have your answer in 60 seconds.
  4. Cross-check the recruiter on LinkedIn. Real HR people have public LinkedIn profiles that have been around for more than 30 days, show real connections in the company, and show endorsements from colleagues.

A real recruiter will be entirely comfortable with this process. A scam “recruiter” will either refuse, get aggressive, or vanish.

If you’ve already paid

Move quickly. The first hour matters most:

  1. Call 1930, the national cyber-financial-fraud helpline. If you paid by UPI, IMPS, or bank transfer, give them the transaction reference. They can in some cases ask the receiving bank to freeze the funds before the attacker withdraws.
  2. File at cybercrime.gov.in (the national reporting portal). Free, online, takes 10 minutes.
  3. If you paid by card, call your bank’s anti-fraud line (on the back of your card) and dispute the transaction as “job-offer fraud”.
  4. Preserve evidence. Don’t delete the Telegram chat or WhatsApp messages, screenshot everything first. Save the fake offer letter PDF. Save the payment confirmation. These are evidence for the FIR.
  5. File an FIR at your local police station’s cyber-crime cell. Bring all the evidence. The FIR is what unlocks formal recovery action by your bank.

Be realistic about recovery. If the attacker has already withdrawn the funds (often within 30-60 minutes of receiving them), the money is gone. Recovery in the first hour has decent odds; past 24 hours, it’s the exception, not the rule. Don’t pay any “recovery agent” who contacts you offering to recover your money, that’s the secondary scam that follows the first.

The respectful reality about Indian IT-services employers

TCS, Infosys, Wipro, HCL, Accenture, Cognizant, Capgemini, Tech Mahindra and IBM India employ over two million people in India. They are being impersonated, not failing their candidates. Their actual hiring processes are documented, professional, and free. The reason these brands are impersonated specifically is because they are trusted and because the salary ranges they offer (₹3.5-12 LPA at the junior level) are plausible to someone hoping for their first job, high enough to be exciting, low enough not to trigger suspicion.

The defence is the same across all of them. If anyone asks for money to give you a job, the entire conversation is fraudulent, regardless of the brand, the offered salary, the apparent professionalism, or the artificial urgency. Verify through the company’s published switchboard, not through any contact that came to you.

Got an offer letter that asks for a fee?

Paste the link or upload the PDF to ScanTotal first, we’ll tell you whether the domain is the real employer or an impersonation.

Open Scanner

Check any file, link, or message

Free, private scanning across all six tools, no account required.

Open Scanner Read: Telegram Crypto-Trader Scams in India

Sources & Further Reading

Related Articles

Telegram Crypto-Trader Scams in India
The signal-channel cycle and exit-scam pattern.
Instant Loan App Scams in India
The 6-stage harassment cycle and how to escape it.
KYC Update Scam SMS in India
Real examples and the three tells.