Navi Mumbai Jewellery Firm Falls Victim to ₹10.7 Crore WhatsApp Impersonation Scam
A jewelry business in Navi Mumbai reported a financial loss of ₹10.7 crore following a complex impersonation scheme involving cybercriminals mimicking the company’s owner.
Incident Overview
A jewelry business in Navi Mumbai reported a financial loss of ₹10.7 crore following a complex impersonation scheme where cybercriminals mimicked the company’s owner to manipulate an accounts officer into transferring funds. The Navi Mumbai Cyber Police confirmed the incident, which unfolded through a series of fraudulent communications.
The Impersonation Scheme
On July 14, an employee at the firm’s Mahape office received a message from a mobile number displaying the owner’s name and profile picture. The individual, trusting the sender, disclosed the company’s current account balance. Subsequently, the fraudster directed the employee to transfer ₹7.7 crore across four transactions to three separate bank accounts.
Additional Fraudulent Transfers
The company’s standard procedure involved receiving payment instructions via phone calls and messages, which led the employee to comply without suspicion. The next day, additional directives were issued through the same account, prompting the transfer of an additional ₹3 crore to two more accounts, culminating in the total loss.
Discovery of the Deception
The deception was uncovered on July 15 during a group voice call between the owner and the finance officer. The owner clarified that no payment instructions had been issued, revealing the breach. Investigators determined that the fraudulent profile used the owner’s name and image but was associated with a different mobile number.
Investigation and Expert Insights
Law enforcement suspects the perpetrators exploited the company’s routine communication practices to gain trust. Authorities are collaborating with financial institutions and digital payment platforms to assess the possibility of freezing or recovering the transferred funds. Ongoing examinations aim to identify whether the recipient accounts were managed by money mules or linked to a larger cybercrime organization.
Expert Analysis
Recommendations for Businesses
Recommendations include implementing multi-tier verification processes for high-value transactions and validating payment requests through independent channels such as direct phone calls or in-person confirmations. Organizations are urged to conduct regular staff training on cybersecurity protocols and establish stringent internal controls to mitigate risks associated with social engineering tactics.
Ongoing Investigation
The investigation remains active, with efforts focused on identifying suspects, tracing the flow of illicit funds, and determining potential connections to organized cybercrime networks.
