Police in Noida have launched an investigation after an authorised mobile phone service centre reported a massive financial loss due to an email-based scam. The company, located in Sector 59, received what appeared to be a legitimate payment request from its manufacturing partner — but the sender’s identity turned out to be fraudulent.
“The email looked identical to those we regularly receive from the manufacturer,” the company’s finance manager told investigators. “It even instructed us to update the supplier’s bank details in our payment system. We made the transfer believing it was genuine.”
The service partner transferred ₹78.9 lakh from its Bengaluru bank account, assuming the payment was for regular procurement of mobile phone parts. The deception came to light only after the actual manufacturer confirmed it had never issued such an email, nor received any funds.
Anatomy of a Corporate Phishing Scam
The police said the email came from an address that mimicked the manufacturer’s domain, differing by only a single character — a hallmark of what cybersecurity experts call a “business email compromise” (BEC) attack.
Such scams rely on psychological familiarity: attackers study existing communication patterns, spoof trusted identities, and introduce subtle alterations that go unnoticed amid routine transactions. In this case, the scammers exploited the company’s automated billing process, prompting an unverified change to payment credentials.
“These are no longer amateur scams,” said a senior officer from Noida’s Cybercrime Branch. “They are well-researched, well-timed, and aimed at professionals handling large corporate accounts.”
A Growing Threat to India’s Corporate Sector
This case joins a growing list of corporate cyber frauds that have struck India’s technology and manufacturing sectors in recent years. Cybercrime units across Delhi-NCR and Bengaluru have reported a sharp rise in email spoofing, invoice redirection, and payment diversion scams targeting supply-chain networks.
According to police data, many of these crimes are coordinated from abroad — often through offshore servers or “money mule” accounts. Once the transfer is made, the funds are rapidly fragmented and moved through multiple digital wallets, making recovery difficult.
“The attackers study how invoices flow and where authorisations happen,” said a cybersecurity analyst familiar with similar cases. “Once they replicate those patterns, even vigilant firms can be fooled. The losses are rarely recoverable unless banks are alerted within hours.”
Investigation and Broader Implications
An FIR has been filed under provisions of the Bharatiya Nyaya Sanhita (BNS) and the Information Technology Act, and the case is being probed by the Cybercrime Branch under SHO Ranjeet Singh. Investigators are now tracing the email trail, server logs, and the recipient accounts involved in the ₹78.9 lakh transfer.
The Noida police said they are also working with the manufacturer to identify any data breaches or internal leaks that may have facilitated the fraud.
Experts say such cases underscore the urgent need for corporate digital hygiene — two-step verification, secure domain monitoring, and employee awareness training. As India’s digital economy expands, so too does the sophistication of the adversaries who exploit its vulnerabilities.
“Even a single mistaken click,” one officer noted, “can cost a company months of revenue — and years of trust.”
