Cybercriminals duped a Vimannagar-based engineering products manufacturing firm in Pune of ₹73.18 lakh through a sophisticated email spoofing fraud involving fake procurement communications, according to cyber police officials.
Fraudsters Sneak Into Business Emails
The fraud reportedly took place between June 2024 and April last year, when the company was in regular email contact with its Germany-based associate for the purchase of a carton box packing machine. Investigators said cybercriminals either gained unauthorised access to the email accounts of the Indian firm or its foreign partner, or intercepted communications to manipulate the transaction process.
Fake Vendor Identity Tricks Company Into Overseas Bank Transfer
They created a fake vendor identity and sent a forged quotation for the machinery, pricing it at USD 86,747, which amounted to approximately ₹73.18 lakh at the prevailing exchange rate. Believing the documents to be genuine, the company transferred the amount to a bank account reportedly in Chicago, United States, as instructed in the fraudulent email. When the machine’s delivery did not materialise, the company attempted to contact the supposed supplier but received no response, which prompted suspicion.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
No Machine Delivered, No Supplier Response
A complaint was subsequently lodged with the Pune cyber police, following which a formal investigation was initiated into the suspected financial fraud. Officials said preliminary findings suggest that the fraudsters used spoofed or compromised email systems to insert themselves into legitimate business correspondence and redirect payments.
Cyber experts note that such business email compromise (BEC) cases have become increasingly common, where attackers exploit trust between companies engaged in international trade. They warn that even small lapses in verification, especially during high-value cross-border transactions, can result in significant financial losses for companies.
In this case, investigators are also examining whether the attackers targeted the email system of the German associate or used phishing techniques to gain access. Authorities have registered the case and launched a detailed probe to trace the flow of funds and identify the individuals behind the operation.
Cyber Police Probe Digital Trail In Growing BEC Scam Menace
The incident has once again highlighted the growing threat of email-based cyber fraud targeting manufacturing and export-oriented businesses in India. Officials pointed out that in many such cases, attackers first conduct reconnaissance by monitoring corporate communication patterns before launching spoofed email attacks designed to appear legitimate.
They often register domains that closely resemble genuine company email addresses, making it difficult for employees to detect fraudulent messages without technical verification tools. Cybersecurity analysts say businesses involved in international procurement are particularly vulnerable due to multiple communication layers and a reliance on email-based approvals.
They recommend implementing multi-factor authentication, domain verification protocols, and continuous monitoring of financial communication channels to reduce exposure to such threats.
Law enforcement agencies are also increasing awareness campaigns to educate companies about identifying phishing attempts and verifying payment instructions through secondary channels.
Sophisticated Business Email Scam
The Pune cyber police are expected to examine digital footprints, email headers, and financial transaction logs to trace the origin of the fraudulent network. Authorities said further action will be taken based on evidence collected during the investigation, including possible identification of overseas links and coordinated cybercrime groups.
This case reflects a broader pattern of rising Business Email Compromise (BEC) incidents in India, where cybercriminals exploit gaps in corporate cybersecurity awareness and delays in cross-border communication.
Experts stress that organizations must train employees to verify financial requests through direct calls and secure internal systems rather than relying solely on email instructions. With digital transactions becoming increasingly global, even a single compromised email account can lead to large-scale financial fraud, as demonstrated in this case.
Investigators continue to track the suspected network, while authorities reiterate the importance of cyber hygiene and stronger authentication systems to prevent similar incidents. Authorities have urged companies, especially those engaged in export and machinery procurement, to adopt strict verification protocols and report suspicious communication immediately to cybercrime units to mitigate financial risks.
The case also highlights the urgent need for integrated cybersecurity frameworks that combine technological safeguards with employee awareness programs. Experts believe that continuous monitoring, threat intelligence sharing, and real-time alerts can significantly reduce the success rate of such fraud attempts in the future.
Probe remains ongoing as officials gather additional evidence.
