Hyderabad: In a striking case highlighting the growing threat of cyber fraud, a company based in Hyderabad lost ₹1.20 crore after fraudsters created a fake WhatsApp profile in the name of its woman CEO and duped the firm’s accountant into transferring funds.
The incident underscores how cybercriminals are increasingly relying on social engineering tactics rather than technical hacking to exploit internal trust within organizations and execute high-value frauds.
Fraud began with fake profile
According to available details, the fraudsters created a WhatsApp account using the CEO’s display picture earlier this month. They then contacted the company’s accountant, posing as the CEO and initiating a conversation.
In their messages, the fraudsters claimed that the CEO was in an important meeting and needed urgent payments to be processed. They added that she would not be able to take calls, urging the accountant to transfer funds immediately to specified bank accounts.
Trusting the display picture and the tone of the messages, the accountant did not verify the request through other channels and transferred ₹1.20 crore to the accounts provided.
FCRF Launches Premier CISO Certification Amid Rising Demand for Cybersecurity Leadership
Second message exposed the fraud
A few days later, on March 17, the fraudsters again contacted the accountant and asked for another transfer to a different account. This time, the request raised suspicion.
The accountant reached out directly to the CEO, who denied sending any such instructions. It was then that the fraud came to light, revealing that the company had already suffered a major financial loss.
A complaint was subsequently filed, and an investigation into the matter was initiated.
Social engineering at the core
Preliminary findings indicate that no sophisticated hacking tools were used in the incident. Instead, the entire operation relied on social engineering—manipulating human behavior, trust, and urgency to bypass verification processes.
Cybercriminals carefully targeted the right individual and created a sense of urgency, ensuring that the transaction was executed quickly without raising immediate doubts.
Such scams often exploit hierarchical work cultures, where employees are conditioned to promptly comply with instructions from senior executives.
Expert flags rising trend
Renowned cyber crime expert and former IPS officer Prof. Triveni Singh said,
“Cybercriminals are no longer just attacking systems—they are targeting human psychology. In WhatsApp impersonation cases, they create urgency and authority, leading to large transactions without proper verification.”
He emphasized the need for multi-layer verification mechanisms before executing any financial transaction, regardless of how authentic the request may appear.
Wake-up call for corporates
The incident serves as a serious warning for corporate entities. Experts believe that relying solely on messages or emails for financial decisions significantly increases vulnerability to such attacks.
Companies are being advised to strengthen internal controls by introducing mandatory voice confirmations or multi-level approvals for high-value transactions.
Multiple bank accounts under scrutiny
The bank accounts to which the money was transferred are currently under investigation. Officials suspect that the funds may have been routed through multiple accounts to make tracking difficult.
Efforts are underway to identify other individuals involved in the network and trace the ultimate beneficiaries of the fraud.
Verification remains the strongest defense
The case once again highlights the risks of executing financial decisions without verifying the identity of the sender on digital platforms.
Experts stress that the principle of “Verify before you trust” remains the most effective safeguard against such cyber frauds, especially in an era where impersonation scams are becoming increasingly sophisticated.
