Mumbai | In a major case highlighting the growing risks of digital finance and online tax systems, a woman allegedly lost nearly ₹7 crore after a fraudster misused a single OTP and long-standing trust to take control of her company’s GST account. The case, reported from Mumbai’s Malad area, involves systematic misuse of business documents and digital identity to create a large-scale network of fake transactions and fraudulent invoices.
According to the complaint, the accused first came into contact with the victim through her late husband, presenting himself as someone who could help with business loans and support for a food truck venture. Over time, he allegedly built trust with the family and maintained close contact even after the husband’s death, offering financial and personal assistance for household needs, children’s education fees, and other expenses.
FCRF’s Flagship Cyber Law Certification Returns With a New Four-Week Cohort
Investigators believe that this emotional and financial reliance was gradually exploited to obtain sensitive credentials, including GST login ID, password, and OTP-based access. The accused also allegedly gained control over the mobile number linked to the company’s GST account, effectively taking over its digital identity.
The fraud came to light when the victim received an alert about a password change on the GST portal. Suspicious, she initiated a detailed review of records through her chartered accountant. The audit revealed a large number of fake invoices generated in the company’s name, with transactions showing inflated and non-existent business activity. The total suspected financial exposure was estimated to be around ₹7 crore.
Further investigation indicated that the accused did not limit the misuse to system access alone. Multiple bank accounts were allegedly used to route and simulate fake commercial transactions. These accounts were traced to the Visakhapatnam region, raising concerns that the fraud could be part of a larger organized network rather than an isolated act.
The chartered accountant’s review confirmed that several transactions did not match any real business activity. The GST records and financial documents collectively pointed toward a structured pattern of invoice manipulation and digital financial fraud.
One of the most alarming aspects of the case, officials noted, was the prolonged emotional manipulation used to maintain control over the victim’s trust. OTP-based verification and login credentials were allegedly misused repeatedly to alter system records and generate fraudulent entries over time.
Cybercrime expert and former IPS officer Prof. Triveni Singh commented on the case, stating:
“Today’s biggest threat is not technology itself, but the misuse of human trust. Sharing OTPs, passwords, and sensitive links has become routine, which makes it easier for cybercriminals to gain access. In such cases, offenders rely more on social engineering than technical hacking, and victims often do not realize when they have already compromised their own data.”
Authorities have registered a case and initiated a detailed investigation into the fraud. Efforts are underway to identify additional individuals who may be involved and to map the full extent of the fake invoice and financial transaction network. Bank accounts and digital trails are also being closely examined.
The case serves as a strong reminder that in today’s digital economy, even a single OTP, a moment of misplaced trust, or a minor lapse in cybersecurity can lead to massive financial losses and expose deep vulnerabilities in digital financial systems.
