A jewellery company in Navi Mumbai has allegedly been defrauded of ₹10.70 crore in a sophisticated WhatsApp impersonation scam after cybercriminals posed as the firm’s owner and instructed an accounts executive to transfer money to multiple bank accounts. The Navi Mumbai Cyber Police have registered a case and launched an investigation to trace the accused and recover the funds.
According to the police, the incident began on July 14, when the accounts executive at the company’s office in Mahape received a WhatsApp message from a mobile number displaying the owner’s name and profile photograph. Believing the message to be genuine, the executive shared details of the company’s current account balance.
The fraudster then instructed the executive to transfer funds to three different bank accounts. Since the company’s owner routinely communicated payment instructions through phone calls and WhatsApp messages, the executive did not suspect foul play and transferred ₹7.70 crore in four separate transactions.
The following day, the executive received additional payment instructions through the same WhatsApp account, directing him to transfer funds to two more bank accounts. He carried out the transfers, sending another ₹3 crore, bringing the total loss to ₹10.70 crore.
The fraud came to light later on July 15 during a WhatsApp group voice call involving the company’s owner and finance officer. During the conversation, the owner clarified that he had never sent any payment instructions or authorised the transfers. The company immediately realised it had fallen victim to a cyber fraud.
Investigators found that while the fraudulent WhatsApp profile displayed the owner’s name and photograph, it was linked to a different mobile number. Police believe the suspects deliberately impersonated the owner to exploit the company’s established internal payment practices and gain the employee’s trust.
The Navi Mumbai Cyber Police have registered an FIR against the unidentified individual operating the fake WhatsApp account as well as the holders of the beneficiary bank accounts that received the money. Investigators are examining the financial trail, analysing banking records, and working to identify those involved in the fraud.
Officials are also coordinating with banks and digital payment channels to determine whether any of the transferred funds can be frozen or recovered. Investigators are assessing whether the beneficiary accounts were operated by money mules or were directly controlled by members of an organised cybercrime network.
According to the Future Crime Research Foundation (FCRF), impersonation scams targeting businesses have become increasingly sophisticated, with fraudsters exploiting messaging platforms, spoofed identities, and familiar communication patterns to bypass internal financial controls. Organisations should implement multi-level approval mechanisms for high-value transactions and independently verify payment requests received through messaging applications.
Cybersecurity experts further advise companies to adopt strict verification protocols for financial transactions, including confirming payment instructions through a separate communication channel such as a direct phone call or in-person confirmation. Businesses should also conduct regular employee awareness training and deploy robust internal controls to reduce the risk of social engineering attacks.
Police continue to investigate the case and are pursuing leads to identify the suspects, trace the movement of the stolen funds, and determine whether the fraud is linked to a larger organised cybercrime network.
