Cyber Incident Victim: Worli-based Garment Firm
Date:
Aug 2022
Location:
India
Summary
A CFO of a specialty chemical company was deceived into transferring approximately Rs 8.55 lakh via RTGS after receiving WhatsApp messages from a fraudster impersonating the firm's managing director. The attacker, posing as the MD, instructed the victim to urgently transfer funds to a specified account while emphasizing secrecy, later demanding additional transfers which raised suspicions. The fraud was uncovered when the genuine MD contacted the CFO for unrelated matters, prompting the victim to alert the bank and file a police complaint. Authorities registered a case under IPC sections for cheating and personation, alongside IT Act provisions for identity theft and computer-related impersonation, though the bank confirmed the irreversible transaction.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 29, 2022, the Chief Financial Officer (CFO) of a Worli-based specialty chemical and organic intermediaries manufacturing firm received a WhatsApp message from an unknown number posing as the company's Managing Director (MD). The impersonator claimed to be in an important meeting and instructed the CFO not to call, while directing an urgent RTGS transfer of ₹8,55,632 to an account held by Dheeraj Kumar after deducting Tax Deducted at Source (TDS). The fraudster emphasized secrecy, explicitly warning the CFO against disclosing the communication to anyone. Complying with the instructions, the CFO executed the transaction and attempted to confirm receipt with the impersonator, but all calls went unanswered. Subsequent messages from the same number requested verification of the transfer, prompting the CFO to share transaction screenshots. The attacker then escalated demands by providing additional account details for further transfers, which triggered the CFO's suspicion due to the persistent messaging and continued call avoidance documented in the FIR.
The CFO realized the deception later that evening when the legitimate MD contacted him for unrelated business matters, clarifying she had never requested any transfers. Immediate efforts to reverse the transaction through the bank failed, as the institution confirmed the funds had cleared and advised filing a police report. On August 30, 2022, the BKC police registered an FIR under IPC Sections 419 (cheating by personation) and 420 (cheating), alongside IT Act Sections 66C (identity theft) and 66D (cheating by personation via computer resources). The incident resulted in a confirmed financial loss of ₹8.55 lakh with no recovery mechanism identified, though no secondary financial requests were fulfilled due to the CFO's timely suspicion. Organizational impacts were limited to the fraudulent transfer, with no reported compromise of internal systems or additional personnel beyond the CFO's initial interaction.