A Pune-based consultancy firm, part of a multinational corporation, has fallen victim to a whale phishing scam, losing a staggering Rs 1.9 crore. Cybercriminals, impersonating the company’s director, tricked the firm’s senior accounts manager into transferring funds to fraudulent bank accounts under the guise of an urgent business transaction.
How the Scam Unfolded
The fraud began when the accounts manager received a WhatsApp message from an unknown number, which displayed the director’s profile picture. The scammer, posing as the director, claimed it was his new number and instructed the manager to save it. The message stated that the company had secured a new project and required an immediate fund transfer of Rs 1.9 crore to a designated bank account.
Believing the message to be genuine, the accounts manager wired the money to an account registered in Churu, Rajasthan. Shortly after, the fraudster attempted to escalate the scam, requesting an additional Rs 3 crore. When the manager informed them of insufficient funds, the cybercriminals insisted on liquidating company fixed deposits.
Now Open: Pan-India Registration for Scam Reporters & Fraud Investigators!
Sensing something was amiss, the manager contacted the director on his original number, only to discover that no such transaction had been authorized. Realizing they had been duped, the firm immediately reported the fraud to Pune’s cyber crime police, leading to an FIR and a full-scale investigation into the phone numbers and bank accounts involved.
What is Whale Phishing
Also known as CEO fraud or spear phishing, whale phishing targets high-ranking executives or key personnel handling financial transactions. Unlike mass phishing scams that randomly attack large numbers of people, these attacks are highly customized, designed to deceive specific individuals into divulging confidential data or transferring large sums of money.
Rising Trend of Whale Phishing in Pune
This is not an isolated incident. Pune and Pimpri-Chinchwad police have recorded multiple whale phishing cases in recent years, including:
- Serum Institute of India (SII) – Lost Rs 1 crore in 2022.
- Real estate firm in Pune – Duped of Rs 4 crore in early 2023.
In connection with one of these cases, cyber police arrested Saniya Mustakim Siddique (21) from Faridabad, Haryana. However, in a dramatic turn of events, she escaped custody while being transported on a train in February 2023 but was recaptured in December after a months-long hunt.
How to Protect Yourself from Whale Phishing
- Verify Before You Act – Always confirm financial requests through an official channel.
- Watch for Urgency Tactics – Fraudsters create pressure to rush transactions.
- Be Cautious with New Numbers – Verify any ‘new contact numbers’ directly.
- Enable Multi-Factor Authentication (MFA) – Adds an extra layer of security.
- Report Suspicious Activity Immediately – Contact cybercrime authorities if targeted.
This case serves as a stark reminder of the growing sophistication of cyber frauds, reinforcing the need for strong cybersecurity awareness and stringent verification protocols in corporate environments.