WhatsApp Cyber Scam Costs Mumbai Firms Rs 3.48 Crore in Remote Access Fraud
Mumbai Firms Lose ₹3.48 Crore in Remote-Access Cyber Scam
Two enterprises in Mumbai suffered financial losses totaling ₹3.48 crore following the unauthorized access of employee devices through compromised ZIP archives. The incidents involved cybercriminals gaining control of mobile phones, which enabled them to manipulate communication channels and execute fraudulent fund transfers.
Incident at Aluminum Supply and Trading Company
The initial breach occurred at an aluminum supply and trading company, where a female accountant received a ZIP file from an unknown sender on June 11. When she opened the attachment, the device was compromised, granting attackers remote access. The perpetrators then blocked the legitimate Managing Director’s contact number on the employee’s phone and replaced it with a number linked to the MD’s name. Using this deception, the criminals instructed the accountant to transfer ₹1.98 crore to a specified bank account, which she executed believing the request originated from company leadership.
Incident at Luxury Gold Jewellery Design Firm
A similar scheme targeted a luxury gold jewellery design firm, where a junior accountant was also exposed to a malicious ZIP file. This allowed attackers to seize control of the employee’s mobile device. The fraudsters replaced the genuine director’s contact details with their own, then directed the employee to transfer ₹1.5 crore to an account in Ghaziabad. The company processed the transaction between June 12 and June 16 after consulting a senior colleague, who verified the instructions as legitimate.
Cybersecurity Analysts’ Insights
Cybersecurity analysts highlighted that this method poses a greater risk than traditional phishing attacks, as it enables direct device control and facilitates real-time manipulation of communication. A cybersecurity specialist involved in the investigation noted that such malware can infiltrate not only mobile devices but also corporate computers and laptops, potentially leading to extensive financial and operational damage.
Expert Recommendations
Experts recommend that organizations implement strict protocols to mitigate such threats. These include prohibiting the opening of files from unverified sources, conducting regular employee training on cybersecurity best practices, and deploying advanced threat detection systems alongside multi-factor authentication for critical infrastructure. A former IPS officer and cybercrime analyst emphasized the evolving tactics of cybercriminals, who increasingly combine social engineering with remote-access tools. The expert pointed out that impersonating high-ranking executives and exploiting employee trust has become a prevalent tactic in corporate cyber fraud. They stressed the importance of multi-layer verification processes for high-value financial transactions to prevent similar incidents.
Current Status of Investigations
Following the breaches, law enforcement agencies have initiated awareness campaigns for businesses to educate employees on identifying and responding to impersonation scams. Investigators are currently tracing the flow of illicit funds, analyzing bank records, and examining the digital infrastructure used by the perpetrators. Both cases remain under active investigation.
The fraudulent activity was detected after verification through alternative communication methods. Law enforcement successfully froze approximately ₹87.04 lakh of the transferred funds.
Conclusion
The incidents underscore the critical need for robust cybersecurity measures and employee vigilance. As cybercriminals continue to refine their tactics, organizations must prioritize proactive strategies to safeguard their operations and financial assets.
FAQs
What is a remote-access cyber scam?
A remote-access cyber scam involves cybercriminals gaining control of a device, such as a mobile phone or computer, through malicious files like compromised ZIP archives. This allows them to manipulate communication and execute fraudulent activities.
How can businesses prevent such attacks?
Businesses can prevent such attacks by implementing strict protocols, such as prohibiting the opening of files from unverified sources, conducting regular cybersecurity training, and deploying advanced threat detection systems alongside multi-factor authentication.
What should employees do if they suspect a scam?
Employees should verify any suspicious requests through alternative communication channels, avoid opening files from unknown sources, and report potential threats to their organization’s IT or security team immediately.
