Bengaluru|November 9, 2025: Indian pharmaceutical major Dr. Reddy’s Laboratories Ltd. has reportedly fallen victim to a sophisticated corporate cyber fraud, resulting in a loss of approximately ₹2.16 crore. The fraudsters allegedly impersonated a company executive through email spoofing and successfully redirected a vendor payment into a fake bank account.
How the Fraud Unfolded
The complaint was lodged by Mahesh Babu K from Group Pharmaceuticals Ltd., which had supplied goods worth ₹2.16 crore to Dr. Reddy’s. According to the FIR filed with the Bengaluru City Cyber Crime Police, hackers intercepted the ongoing email communication between the two companies and used a spoofed email ID—KKeshav@Grouppharma.in instead of the genuine kkeshav@grouppharma.in—to deceive Dr. Reddy’s finance team.
The spoofed email directed the finance team to transfer the payment to a new Bank of Baroda account, claiming it belonged to the vendor. Assuming the request was legitimate, the team processed the transaction on November 3. Days later, when Group Pharmaceuticals did not receive the payment, the discrepancy was discovered.
Upon closer scrutiny, investigators found that the fraudulent domain name differed only in letter casing, a subtle but crucial detail that enabled the hackers to bypass detection.
Police Investigation and Initial Findings
The Bengaluru Cyber Crime Police have registered a case under Sections 66(C) and 66(D) of the Information Technology Act, which deal with identity theft and cheating by impersonation, along with relevant provisions of the Bharatiya Nyaya Sanhita.
Initial investigations have traced the fraudulent account to Vadodara, Gujarat, from where the stolen funds were quickly dispersed into multiple sub-accounts. Police have frozen the primary account and are working with banks to recover the diverted funds.
Officials familiar with the probe said the case falls under the category of “Business Email Compromise” (BEC) — a growing global threat that targets corporate payment systems by infiltrating email conversations and redirecting legitimate payments to fraudulent accounts.
Rising Corporate Cyber Risks
Cybersecurity experts say this incident highlights the growing vulnerability of corporate communications to targeted cyberattacks. They emphasize the urgent need for email authentication protocols, domain protection, and multi-factor authentication (MFA) across enterprise systems.
Experts advise companies to verify large payment instructions through secondary verification methods—such as phone calls or encrypted confirmation systems—before authorizing fund transfers.
Dr. Reddy’s Response
While Dr. Reddy’s Laboratories has not issued an official statement, company sources confirmed that an internal audit and security review are underway. The company is said to be cooperating fully with law enforcement and strengthening its internal cybersecurity protocols to prevent similar incidents.
A senior company official, speaking on condition of anonymity, noted that
“the incident serves as a reminder that even highly secured corporate systems are not immune to evolving cyber tactics.”
Broader Implications for Corporate India
This case underscores the growing risk of cyber-enabled financial fraud in India’s corporate sector, especially as businesses increase their reliance on digital payment systems and email-based communication. Industry observers believe it is time for Indian companies to treat cyber governance as a boardroom priority, at par with financial compliance and audit mechanisms.
