An event management company based in Noida has fallen victim to a sophisticated cyber fraud in which scammers impersonated the company’s director on WhatsApp and tricked an employee into purchasing Apple gift cards worth nearly ₹24 lakh. The incident has been reported to the Cyber Crime Police Station, and an investigation is currently underway.
According to police, the company organises business events and conferences and operates from its main office in Sector-3, Noida, with additional units in other cities.
Perfect Timing Used to Execute the Scam
On October 1, a woman employee from the company’s Mumbai office arrived in Noida for a training programme. Coincidentally, on the same day, the company’s director departed for Barcelona to attend an international event.
Police believe the fraudsters exploited this timing to make their impersonation appear authentic.
WhatsApp Message: “Buy the Gift Cards Immediately”
According to the complaint, the employee began receiving WhatsApp messages from a number displaying the director’s name and photograph. The sender described the task as “urgent” and instructed her to immediately purchase Apple gift cards.
The messages repeatedly emphasised urgency and confidentiality, discouraging the employee from verifying the request with other senior officials.
Trusting that the instructions were genuine, the employee proceeded to buy the gift cards using four company credit cards issued by HDFC Bank and ICICI Bank.
In total:
- Gift cards worth around ₹24 lakh were purchased
- Codes were sent to nearly 15 different email IDs, as directed by the fraudster
Suspicion Raised, Cards Blocked — But Damage Already Done
The scam came to light when another company official noticed unusual high-value transactions on the corporate credit cards. The cards were immediately blocked, and Amazon, from where the gift cards had been purchased, was informed.
A formal complaint was then lodged with the cyber cell.
During follow-up action:
- HDFC Bank managed to reverse around ₹5 lakh
- Recovery of the remaining ₹19 lakh debited through the ICICI credit card is reportedly difficult, as the gift card codes had already been redeemed
The company later approached cyber police again, seeking further assistance.
Case Registered, Investigation in Progress
Police have registered a case under:
- Section 66D of the Information Technology Act (cheating by personation using computer resources)
- Sections 318(4) and 319(2) of the Bharatiya Nyaya Sanhita (BNS)
Investigators said gift card frauds are particularly challenging because the codes are often redeemed instantly, leaving little scope for recovery. However, efforts are ongoing to trace the fraudsters through transaction trails, email IDs, IP addresses and digital logs.
Expert Warning: ‘Verify Before You Pay’
A cyber-crime expert from the Center for Police Technology (CPT) described the case as a textbook example of impersonation-based social engineering.
“Scammers deliberately create urgency so the victim acts without thinking. Any request involving gift cards, cryptocurrency or wire transfers must be verified directly through a phone call or video call,” the expert said.
He advised companies to:
- Always verify “urgent” payment requests
- Avoid payments through gift cards or crypto
- Implement dual authorisation for financial transactions
- Enable real-time transaction alerts
- Conduct regular cyber-awareness training for employees
Police Advisory
Cyber police have urged companies and individuals to immediately report such incidents by calling the 1930 cyber helpline or contacting the nearest cyber crime police station.
Officials stressed that any delay significantly reduces the chances of recovery, as fraudsters quickly move or exhaust the stolen funds.
