Pune Real Estate Firm Loses Rs 4 Crore in Whale Phishing Attack
Pune police are investigating a massive cyber fraud case involving a well-known real estate firm in Pune, which has been defrauded of Rs 4 crore in what is possibly the city’s biggest case of cyber fraud. The fraud was executed through a suspected case of whale phishing, also known as ‘spear phishing scams’ or ‘CEO scams’.
The Deputy General Manager of the firm lodged the complaint at the cyber crime police station. The fraud was perpetrated in the last week of January, when the complainant received a message from an unknown phone number claiming to be the CMD of the company. The message directed the complainant to make a Real Time Gross Settlement (RTGS) transfer of Rs 60 lakh to a bank account provided in the message. Subsequent requests for additional funds led to a total of 18 transactions being made over a period of more than a week, totaling to Rs 4.06 crore.
Despite the sizeable transfers, the sender who posed as the CMD of the company never answered calls and kept texting that he was busy and the formalities about the transfers would be completed later. When the actual CMD returned from a visit abroad and denied issuing any such fund transfer instructions, the company approached the Pune City police and registered an FIR earlier this month.
Since July of last year, there have been half a dozen cases of whale phishing attacks registered with the Pune City police. This includes a case where global vaccine major Serum Institute of India was cheated of Rs 1 crore. In November of last year, seven people were arrested, including two engineers, a science graduate, and a bank employee, for defrauding the vaccine manufacturer.
A senior officer from the Pune City police mentioned that while some important arrests have been made in the cases, the main racketeers and masterminds remain at large. Unlike typical phishing scams, whale phishing attacks specifically target high-profile individuals who handle company finances, and there is concern that perpetrators may manipulate employees to disclose sensitive information.
The term “whale phishing” emphasizes the targeting of influential figures and poses a greater risk than mere financial loss. The divulging critical information could have far-reaching consequences on company operations, according to officials. It was prevalent in the United States during late 2010.
The cyber crime police have launched a coordinated probe into the recent fraud case, which is being assigned to a team from the cyber crime police station. The investigation is ongoing and is being monitored by senior officials. Meanwhile, officials mentioned that links to cyber criminals based abroad are being investigated as they work to bring the perpetrators to justice.