Cyber Incident Victim: Indian Organization in Mumbai
Date:
Aug 2022
Location:
India
Summary
A CFO of a Mumbai-based specialty chemical manufacturer was deceived via WhatsApp by an impersonator posing as the company's MD, who instructed an urgent RTGS transfer of ₹8.55 lakh to a specified account under confidentiality. Suspicion arose when further transfers were requested, prompting the CFO to verify with the actual MD, revealing the fraud; the bank could not reverse the transaction, leading to a police case under IPC sections for cheating and IT Act provisions addressing identity theft and digital impersonation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 30, 2022, the Chief Financial Officer (CFO) of a Mumbai-based specialty chemical and organic intermediaries manufacturer received a WhatsApp message from an unknown number posing as the company's Managing Director (MD). The impersonator claimed to be in an important meeting and instructed the CFO not to call while urgently requesting an RTGS transfer of ₹8,55,632 to an account held by Dheeraj Kumar after Tax Deducted at Source (TDS) adjustments. The fraudster emphasized secrecy, directing the CFO not to disclose the communication to anyone. Complying with these instructions, the CFO processed the transaction. Subsequent attempts to confirm receipt with the supposed MD went unanswered, though the attacker later messaged to verify the transfer completion, prompting the CFO to share transaction screenshots. When the impersonator then provided additional account details demanding further transfers, the frequency and nature of these requests aroused the CFO's suspicion. Repeated unanswered calls to the fraudulent number deepened these concerns throughout the day.
The CFO realized he had been deceived when the legitimate MD contacted him that evening regarding unrelated business matters, confirming she had never requested any transfers. Immediately alerting his bank to halt the transaction proved unsuccessful, as the funds had already cleared. The bank advised filing a police report, leading the CFO to lodge a formal complaint with Mumbai's BKC police station. On September 2, authorities registered an FIR under Indian Penal Code sections 419 (cheating by personation) and 420 (cheating), alongside Information Technology Act sections 66C (identity theft) and 66D (cheating by personation via computer resources). The incident resulted in a confirmed financial loss of ₹8.55 lakh with no recovery mechanism identified in initial reports. Investigators documented the attacker's operational pattern of using WhatsApp for impersonation, enforcing communication isolation, and escalating demands to multiple accounts once initial compliance was secured.