Kolkata Retail Firm Suffers ₹1.5 Crore Loss Due to CEO Impersonation Scam

www.news4hackers.com-kolkata-retail-firm-suffers-1-5-crore-loss-due-to-ceo-impersonation-scam-kolkata-retail-firm-suffers-1-5-crore-loss-due-to-ceo-impersonation-scam

A Kolkata-based retail firm reported a ₹1.5 crore loss after a CEO impersonation scam led to an unauthorized fund transfer.

The Scam Unveiled

A retail organization in Kolkata suffered a financial loss of ₹1.5 crore due to a cyber fraud scheme involving the impersonation of its Managing Director. The incident occurred when an employee in the accounts department was deceived into initiating a high-value fund transfer after receiving a message from an unidentified mobile number. The communication featured the MD’s profile image, leading the employee to believe the request was legitimate.

The fraudulent message allegedly originated from a number displaying the executive’s photograph and instructed the employee to transfer funds urgently to a specified bank account. The transaction, conducted via RTGS, was executed to an ICICI Bank account. Initial investigations suggest the account is associated with a private digital solutions firm.

Investigation and Response

The scam was uncovered the following day when the actual MD confirmed no such payment directive had been issued. The company filed a complaint at Girish Park Police Station, prompting the Kolkata Police Cyber Cell to launch an inquiry. Authorities are examining the beneficiary bank account, potential recipients of the funds, and individuals connected to the alleged scheme.

Investigators are also assessing whether the incident involved a coordinated cybercrime network. The case underscores the growing prevalence of business email compromise (BEC) attacks, where adversaries exploit trust within organizational hierarchies to divert funds.

Cybersecurity Experts Weigh In

Cybersecurity experts highlight that CEO impersonation tactics often leverage compromised identities to pressure employees into executing urgent financial transactions. A former IPS officer and cybersecurity analyst emphasized the importance of verifying high-value requests through official channels rather than relying solely on digital communications.

He recommended implementing multi-tier approval processes and rigorous payment validation protocols to mitigate such risks.

Preventive Measures and Recommendations

The case underscores the growing prevalence of business email compromise (BEC) attacks, where adversaries exploit trust within organizational hierarchies to divert funds. Enterprises are urged to adopt stringent verification measures and employee training programs to detect and prevent similar incidents.

Cybersecurity experts emphasize the need for multi-factor authentication, regular security audits, and employee awareness campaigns to counter evolving cyber threats. Organizations are advised to establish clear protocols for financial transactions and verify all high-value requests through multiple communication channels.


Blog Image

About Author

en_USEnglish