A new form of business impersonation fraud has surfaced in Mumbai, with cybercriminals posing as company bosses on WhatsApp and duping firms of about ₹3.5 crore. According to the report, scammers used malicious zip files and spoofed instructions to mislead accountants into transferring large sums to fraudulent bank accounts.
WhatsApp Message Opens Door to Fraud
In one case, the director of a lighting supply and trading firm received a WhatsApp message late in the evening from an unknown number. The message asked him to forward a zip file from an unfamiliar contact to one of the company’s accounts executives.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
Unaware of the risk, the director forwarded the message. According to the FIR, the fraudsters then used the zip file to gain access to the company’s WhatsApp and other linked information.
The attackers allegedly used that access to issue instructions in the director’s name, making the request appear genuine to staff handling company accounts.
Accountant Transfers ₹1.98 Crore
After gaining access, the fraudsters allegedly started a WhatsApp conversation with the company’s accountant and instructed her to urgently release ₹1.98 crore to a bank account in Gurugram.
Believing that the instruction had come from the company director, the accountant transferred the money. According to the report, the transfers took place between June 11 and June 15.
The fraud came to light only when the director received a bank statement showing that the amount had been moved. Police later froze a portion of the transferred funds, while the remaining money had already been moved through several accounts.
Businesses Warned to Verify Requests
A second case mentioned in the report involved a deputy manager who allegedly transferred ₹1.40 crore in 63 transactions after receiving WhatsApp messages from a fraudster posing as the company’s executive director.
Cybersecurity experts said organisations must create stronger verification systems before approving financial transfers, especially when requests come through WhatsApp or other messaging platforms. Experts also advised companies not to open zip files from unknown numbers and to maintain strong endpoint security systems.
The report said such frauds are becoming more targeted, with attackers exploiting trust within companies rather than relying only on technical hacking. Citizens and businesses have been advised to report cyber fraud immediately on the 1930 helpline so that suspicious transactions can be frozen quickly.
