Cyber Incident Victim: State Bank of India

On December 20, 2022, State Bank of India (SBI) officials at the main branch near Pune’s district collectorate received a phone call from an individual fraudulently claiming to be Kishorkumar Shah, director of Chandukaka Saraf & Sons Private Limited Company, a prominent Pune-based jewellery firm. The impostor asserted an urgent need to transfer funds due to a medical emergency, directing Ashish Javkhedkar and another SBI officer to execute an immediate RTGS transfer of ₹19 lakh. Complying with the instructions, the bank officials transferred the sum into two unspecified bank accounts via the Real-Time Gross Settlement system. The transaction was processed under the pretext of legitimate authorization from the company director. Subsequent verification revealed the caller had no affiliation with Chandukaka Saraf & Sons, exposing the transaction as fraudulent.

SBI officials filed a formal complaint of cheating at Pune’s Bundgarden police station on December 23, 2022, three days after the unauthorized transfer. Police registered a case against the unidentified caller and the recipients of the funds under relevant sections of the Indian Penal Code and the Information Technology Act. The incident resulted in a direct financial loss of ₹19 lakh to the bank or the jeweller’s account, though the article does not specify whether the funds belonged to the bank or the corporate client. Senior Police Inspector Pratap Mankar led the investigation to trace the perpetrators and recover the stolen funds. The fraud exploited procedural vulnerabilities in SBI’s verification process for high-value transactions initiated via phone instructions, highlighting operational risks associated with social engineering tactics targeting financial institutions. No additional technical compromises or system breaches were reported in connection with the incident.