Cyber Incident Victim: Mumbai, India
Date:
Aug 2022
Location:
India
Summary
A CFO of a Mumbai-based specialty chemical company was deceived into transferring approximately Rs 8.55 lakh after receiving WhatsApp messages from a fraudster impersonating the firm's managing director. The attacker, claiming to be in a meeting, instructed the victim to urgently send funds via RTGS to a specified account while emphasizing secrecy. After complying, the CFO grew suspicious when follow-up messages demanded additional transfers to other accounts and calls went unanswered. The scam was confirmed when the legitimate MD later contacted the CFO for unrelated matters, revealing no such transaction request had been made. The incident led to the filing of a police case under Indian Penal Code sections for cheating and personation, alongside IT Act provisions addressing identity theft and computer-related impersonation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 30, 2022, the Chief Financial Officer (CFO) of a Mumbai-based specialty chemical and organic intermediaries manufacturer received a WhatsApp message from an unknown number claiming to be the company's Managing Director (MD). The impersonator stated they were in an important meeting and instructed the CFO not to call them. The fraudulent MD directed the CFO to immediately transfer Rs 8,55,632 via Real Time Gross Settlement (RTGS) to an account held by an individual named Dheeraj Kumar, emphasizing that the transaction should not be disclosed to anyone. The CFO complied with these instructions, deducting Tax Deducted at Source (TDS) before completing the transfer. After sending the funds, the CFO attempted to confirm receipt with the supposed MD but received no response to multiple calls. Approximately an hour later, the fraudster messaged again to verify the transfer completion, prompting the CFO to share transaction screenshots as proof.
The attacker subsequently requested additional transfers to different accounts, which aroused the CFO's suspicion due to the persistent messaging and continued refusal to answer voice calls. Later that same day, the legitimate MD contacted the CFO regarding unrelated business matters, at which point the victim recounted the earlier financial instructions. The genuine MD clarified she had never authorized any such transaction, confirming the fraud. The CFO immediately notified their bank to halt the transfer, but the institution stated it could no longer intervene and advised filing a police report. On September 2, 2022, the Bandra Kurla Complex (BKC) police registered a First Information Report under Indian Penal Code sections 419 (cheating by personation) and 420 (cheating), alongside Information Technology Act sections 66C (identity theft) and 66D (cheating by personation via computer resources). The incident resulted in direct financial losses exceeding Rs 8.55 lakh and operational disruption through unauthorized use of corporate communication channels for fraudulent purposes.