Two Mumbai companies lost ₹3.48 crore after employees allegedly opened malicious ZIP files that gave fraudsters remote access to their phones. The criminals impersonated company MDs on WhatsApp, ordered fund transfers and manipulated contact details to make messages appear genuine.

Mumbai Firms Lose ₹3.48 Crore in Remote-Access WhatsApp Cyber Scam

The420 Correspondent

Mumbai | Cybercriminals have adopted a sophisticated new method to target businesses, resulting in losses of ₹3.48 crore across two companies in Mumbai. Investigators say the fraudsters gained remote access to employees’ mobile phones through malicious ZIP files and then impersonated senior company executives on WhatsApp to authorise large fund transfers.

The first case involved an aluminium supply and trading company that allegedly lost around ₹1.98 crore. According to the complaint, a female accountant received a ZIP file from an unknown number on June 11. After she opened the file, cybercriminals reportedly obtained remote access to her mobile device.

Investigators said the fraudsters then blocked the actual Managing Director’s contact number on the employee’s phone and replaced it with their own number saved under the MD’s name. Using WhatsApp, they allegedly instructed the accountant to urgently transfer ₹1.98 crore to a designated bank account. Believing the message came from the company’s MD, she processed the transaction.

The fraud came to light only after the transfer was verified through other channels. Following the complaint, cyber investigators managed to freeze approximately ₹87.04 lakh from the transferred amount.

A similar incident was reported by a luxury gold jewellery design firm, where cybercriminals allegedly siphoned off nearly ₹1.5 crore. In this case, a junior accountant was targeted with the same type of malicious ZIP file, enabling the fraudsters to gain control of the employee’s phone.

According to investigators, the criminals blocked the genuine director’s contact number and replaced it with their own number under the director’s name. They then used WhatsApp messages to instruct the employee to transfer funds to an account in Ghaziabad. After consulting a senior colleague and assuming the instructions were legitimate, the company transferred ₹1.5 crore between June 12 and June 16.

Cybersecurity experts have warned that this method is far more dangerous than conventional phishing attacks because it allows criminals not only to steal information but also to control the victim’s device. Cybersecurity specialist Nikhil Mahadeshwar, who is assisting investigators in analysing the malicious files, said such malware can compromise not only smartphones but also office computers and laptops, potentially exposing organisations to significant financial losses.

Experts have advised companies to avoid opening files received from unknown sources, conduct regular cybersecurity awareness training for employees, and deploy advanced security solutions along with multi-factor authentication across critical systems.

Commenting on the cases, renowned cybercrime expert and former IPS officer Prof. Triveni Singh said cybercriminals are increasingly combining social engineering techniques with remote-access tools. According to him, impersonating senior executives and exploiting employee trust has become a rapidly growing form of corporate cyber fraud, making multi-layer verification procedures essential before approving high-value financial transactions.

Following the incidents, cyber police have organised awareness sessions for businesses and corporate entities to educate employees about such impersonation scams. Investigators are currently tracing the ultimate beneficiaries of the funds, examining bank accounts involved in the transactions, and analysing the digital infrastructure used by the perpetrators. The investigations in both cases remain ongoing.