Pune Real Estate Firm Duped by ₹4 Cr in Fraudulent Whale Phishing Attack


Cybercriminals impersonating high-ranking officials to execute an illicit operation worth ₹4 crores, causing major disruption in Pune’s real estate sector.

Pune:  A well-known Pune-based real estate company has fallen prey to a highly sophisticated cyber scam, resulting in a substantial loss of ₹4 crore to internet fraudsters.  The Pune police are currently investigating one of the largest cybercrimes, suspected to be a “whale phishing” attack.

In this incident, the attackers pretended to be the Chairperson and Managing Director (CMD) of the company and tricked the senior accounts officer into transferring money to fake bank accounts.

The fraudulent scheme transpired during the latter week of January.  The accounts officer, who was unaware, received a message from an unidentified number purporting to be the CMD.

The sender, pretending to be trapped in a crucial meeting, directed the officer to promptly execute a Real-Time Gross Settlement (RTGS) transfer of ₹60 lakh to a designated account.

Believing the communication to be authentic, the officer obediently followed the instructions and even provided the imposter with the transaction confirmation number.

Encouraged by their achievement, the fraudsters persisted in taking advantage of the officer’s trust. During the following days, they impersonated the CMD, soliciting extra payments via text messages.  The officer, under the belief that he was adhering to the orders of the CMD, executed multiple transfers amounting to ₹2.2 crores within a span of four days.

The officer consistently followed this pattern for more than a week, ultimately conducting 18 transactions totaling an impressive ₹4.06 crore.

During the entire affair, the sender evaded phone calls, asserting that they were too occupied, and reassured the officer that necessary procedures would be carried out at a later time. The officer contacted the actual CMD, who was abroad and discovered the bogus nature of the program only after making the final transfer.

The Pune City police have initiated a thorough investigation into the case, deploying a squad from the cyber crime branch to apprehend the perpetrators.

This occurrence is not a singular event. Starting from July 2023, the Pune police have recorded six instances of “whale phishing” attacks, one of which resulted in the Serum Institute of India being deceived and losing ₹1 crore.

Whale phishing is a targeted attack that focuses on influential persons in organizations, leveraging their power and trust to get confidential data and financial resources.  Companies should adopt stringent security protocols, such as providing comprehensive cyber awareness training to employees and implementing multi-factor authentication, in order to effectively reduce these threats.

Key Notes on Whale Phishing (CEO Scam)

Targeted Approach Whale phishing, often referred to as CEO scam or spear phishing, is a methodically focused cyber attack that targets specific persons in prominent positions within firms, like CEOs, CFOs, or other executives.
Impersonation Tactics Cyber thieves assume the identities of company executives, typically via email or other digital means, in order to trick employees into carrying out specific acts, such as transferring money or disclosing confidential data.
Social Engineering Perpetrators engage in comprehensive research to collect knowledge about the target and the organization, enabling them to create persuasive communications that seem authentic.
Urgent Requests Fraudulent messages often create a feeling of urgency, making use of the impersonated person’s authority to push staff into swiftly meeting the attackers’ requests.
Financial Fraud The main goal of whale phishing attempts typically is obtaining financial benefits. Adversaries deceive employees into sending funds to deceptive accounts by masquerading as legitimate corporate transactions or urgent circumstances.
Complexity and Sophistication Whale phishing campaigns frequently include intricate tactics, such as fabricating counterfeit websites or exploiting hacked email accounts, to bolster their legitimacy and avoid being detected.
Consequences Individuals targeted by whale phishing attacks may experience substantial monetary losses, harm to their reputation, and disruptions to their operations. Furthermore, the revelation of delicate data could result in additional security breaches or legal consequences.
Preventive Measures To reduce the risk of whale phishing, organizations should adopt strong security policies, such as providing comprehensive employee training to recognize phishing attempts, establishing multi-factor authentication, and frequently updating security software to detect and prevent such attacks. Moreover, implementing explicit authentication protocols for monetary transactions and promoting a mindset of doubt towards uninvited solicitations might effectively prevent any fraudulent schemes.

About The Author:

Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space.  Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM.  Naager entered the field of content in an unusual way.  He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts.  He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field.  In the bottom line, he frequently writes for Craw Security.


About Author

Leave a Reply

Your email address will not be published. Required fields are marked *

Open chat
Can we help you?