Pune | A major cyber fraud case reported from Maharashtra’s Pune district has once again highlighted how corporate emails are increasingly becoming prime targets for international cybercriminals. A valve manufacturing company based in Pimpri-Chinchwad lost nearly ₹56 lakh in an email spoofing scam after fraudsters impersonated a China-based supplier. However, swift intervention by the cyber police helped recover the entire amount before it could disappear through multiple international transactions.
According to officials familiar with the investigation, the Bhosari-based company had regular business dealings with a Chinese vendor. In April, company executives received what appeared to be a genuine email from the supplier informing them about a change in bank account details for future payments. Since the email closely resembled previous business communication, no suspicion was raised initially.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
Investigators later found that the cybercriminals had created a fake email address almost identical to the original email ID of the Chinese company. Using this spoofed identity, the fraudsters instructed the Indian company to transfer payments to newly shared bank accounts. Believing the communication to be authentic, the company transferred around ₹56 lakh to the mentioned accounts.
The fraud came to light only after company officials contacted the actual supplier in China to verify the transaction. The supplier denied issuing any instructions regarding a bank account change, following which the company realized it had fallen prey to a sophisticated cyber fraud operation.
After receiving the complaint, the cyber police immediately initiated a technical investigation. During the probe, officials discovered that the transferred funds had landed in a bank account based in the United States. The investigating team then coordinated with banking authorities and nodal officers linked to the recipient bank to prevent the money from being further diverted.
Through rapid digital tracking and international banking coordination, the suspicious account was frozen before the funds could be withdrawn or layered through multiple channels. Following legal and banking procedures, the entire amount was eventually transferred back to the complainant company’s account.
Cyber experts say such cases require immediate reporting because fraudsters often move stolen funds across several countries within hours, making recovery extremely difficult. Investigators noted that email spoofing and Business Email Compromise (BEC) attacks are now among the most preferred tactics used by organized cybercrime syndicates targeting businesses engaged in global trade.
Officials associated with the probe stated that cybercriminals first study a company’s communication patterns, supplier network, invoice formats, and payment schedules before launching attacks. Once they gather enough information, they create deceptive email IDs that appear nearly identical to legitimate corporate addresses, making detection difficult for employees handling accounts and payments.
Renowned cybercrime expert and former IPS officer Prof. Triveni Singh said that BEC and email spoofing attacks have emerged as one of the biggest digital threats facing corporate India. According to him, cybercriminals are no longer relying solely on traditional hacking methods but are increasingly targeting trust-based business communication systems and financial workflows.
He warned that import-export firms, manufacturing companies, and logistics businesses are especially vulnerable because they frequently deal with high-value international transactions. Prof. Singh added that many global cybercrime groups now heavily depend on social engineering techniques and email manipulation to deceive finance departments and authorize fraudulent transfers.
Cybersecurity specialists have advised companies to independently verify any email requesting changes in bank account details. Experts recommend confirming such requests through video calls, official phone numbers, or secure verification procedures before initiating payments. Relying solely on email communication for financial decisions is now considered highly risky in large-scale business operations.
Prof. Triveni Singh further emphasized the importance of regular cyber audits, employee awareness programs, and strong digital security infrastructure. He noted that even a small oversight or rushed approval process can result in losses worth crores of rupees.
Cyber officials have also urged businesses to adopt multi-factor authentication, domain protection systems, advanced email filters, and regular phishing awareness training for staff members. The case serves as a stark reminder that cybercriminals are increasingly exploiting human trust and business processes rather than merely attacking computer systems.
Although the Pune company managed to recover its ₹56 lakh due to timely reporting and coordinated police action, experts believe many organizations may not be as fortunate if such frauds go unnoticed even for a few hours.
