In two separate incidents, two major Mumbai-based companies collectively lost INR 34.8 million after their accounting staff unknowingly fell victim to a deceptive file-based attack that granted hackers full control over their mobile phones and allowed them to impersonate senior executives on messaging platforms.
The first incident involved an aluminum supply and trading company, which suffered a loss of INR 19.8 million on the evening of June 11. A female accountant received a ZIP file from an unknown number on her mobile phone. Without suspicion, she opened the file. Immediately after the file was accessed, the attacker gained complete remote control of her device.
The hacker then secretly altered her contact list, blocked the genuine Managing Director’s number, and saved the attacker’s own number under the name of the Managing Director. Using this manipulated identity, the fraudster initiated a WhatsApp conversation with the accountant and instructed her to urgently transfer INR 19.8 million to a bank account in Gurugram.
Believing the instructions to be authentic, the accountant processed the transaction. After the fraud was discovered, law enforcement authorities managed to freeze INR 8.704 million from the transferred amount through immediate intervention.
The second case involved a luxury gold jewelry design firm, which was defrauded of INR 15 million through an almost identical method. In this case, the attacker targeted a junior accountant and sent a malicious ZIP file to his mobile device. Once opened, the hacker gained access to the phone, blocked the company director’s contact, and replaced it with their own number under the director’s identity.
The fraudster then impersonated the director over WhatsApp and instructed the junior accountant to transfer funds to an account belonging to a textile trader in Ghaziabad. The junior accountant consulted a senior accountant, and both, believing the directive to be legitimate, proceeded with multiple transfers between June 12 and June 16.
Cybersecurity expert Nikhil Mahadeshwar, who is assisting investigators in analyzing these malicious files, warned that such attacks are not limited to mobile phones and can also compromise office laptops and desktop computers. He emphasized the urgent need for organizations to deploy robust cybersecurity software to prevent similar breaches.
Mumbai Cyber Police Deputy Commissioner of Police Bajrang Bansod recently conducted an awareness session for business entities, focusing on impersonation-based scams and urging companies to strengthen internal verification protocols before processing financial transactions.
The incidents highlight a rapidly evolving cybercrime tactic that combines malware delivery, identity manipulation, and social engineering to bypass traditional financial security checks, resulting in severe financial losses for corporate victims.
About The Author
.jpg)
.jpg)
Comment List