BENGALURU: A Bengaluru-based pharmaceutical company fell victim to a meticulously orchestrated cyber fraud that cost it ₹1.9 crore (US$230,000) after an impostor posing as the company’s chairman duped the chief operating officer (COO) and accountant into transferring funds, according to Bengaluru North Division Cyber Crime Police sources.
The scam unfolded when the imposter, using spoofed email and messaging apps accompanied by the chairman’s photo, claimed to be in a “high-priority” meeting with a government official. Under that pretence, he persuaded the COO to request bank balance details, then directed the accountant to transfer ₹1.92 crore (US$233,000) to a cargo company’s account in Virar, Mumbai.
How the Scam Was Uncovered
Only after the transaction did the real chairman discover officials had wired the funds without his authorisation. He promptly confirmed he had not sent the messages, triggering a formal complaint at the North Division Cyber Crime Police Station. Charges have been filed under the Information Technology Act, 2000, and Section 318(4) of the Bharatiya Nyaya Sanhita, 2023, which pertain to cheating via fraudulent inducement.
Bengaluru cybercrime investigators are tracing digital footprints and banking trails to identify the perpetrator, with officials describing the incident as a “classic CFO-targeted spoofing attack”.
Inside the Modus Operandi
Trusted Personas as Weapons
Cybercriminals often impersonate high-ranking executives to exploit internal trust. In this case, the scammer created a sense of urgency by invoking a scam involving a government body—a common tactic to shorten response time and limit verification steps.
Cargo and Courier Accounts as Fronts
Funds were deliberately routed to a cargo company account—a known method for obscuring transactions and laundering stolen money. Similar frauds have used fake vendors or shell companies to move illicit funds quickly out of sight.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Consequences and Corporate Safeguards
The incident, while costly, has served as a wake-up call for corporate India. Experts recommend:
-
Verifying all financial requests through multiple trusted channels, especially if urgent.
-
Instituting a two-step verification process for large transfers.
-
Regular staff training on social engineering threats and email authentication tools such as SPF, DKIM, and DMARC.
Bengaluru’s cyber police urge firms to adopt stricter internal protocols and vendor authentication processes. Investigators warn that the absence of robust checks can allow such deception to go undetected until thousands—or crores—are siphoned off.
About the Author – Sahhil Taware is a B.Sc. LL.B. (Hons.) student at National Forensic Sciences University, Gandhinagar, with a keen interest in corporate law and tech-driven legal change.