Mumbai Cyber Police Bust ₹10.40 Crore WhatsApp Impersonation Scam;
Editorial

Massive Multi-State Operation Exposes Sophisticated Fake Identity Fraud Network
Mumbai: In a major breakthrough against organized cybercrime, the South Cyber Police Station of the Mumbai Crime Branch has dismantled a sophisticated cyber fraud racket that allegedly duped a private company of more than ₹10.40 crore through a carefully orchestrated WhatsApp impersonation scam. Six accused have been arrested from Maharashtra, Delhi, and Bihar, while investigators continue to pursue the masterminds behind the operation.
The investigation has already resulted in the freezing of ₹5.63 crore from the defrauded amount, marking one of the most significant recoveries in a corporate cyber fraud case in recent months. Police officials have launched an extensive multi-state investigation to trace additional suspects, identify money trails, and recover the remaining funds.
The case highlights the growing sophistication of cybercriminals, who are increasingly exploiting trusted communication platforms such as WhatsApp and using fake identities to deceive employees into making unauthorized financial transactions.
Fraud Executed Through a Fake WhatsApp Identity
According to investigators, the fraud occurred between June 3 and June 15, when a 63-year-old employee responsible for handling company finances began receiving WhatsApp messages from an unfamiliar mobile number.
Although the number was unknown, the WhatsApp account displayed the profile photograph of the company’s director, making the messages appear authentic.
The fraudster claimed to be the company’s director and informed the employee that he was attending an important meeting and therefore could not communicate over a phone call. The messages emphasized urgency and instructed the employee to transfer funds immediately to multiple bank accounts for what appeared to be confidential business purposes.
The use of the director’s photograph, combined with professional language and repeated requests for confidentiality, convinced the employee that the instructions were genuine.
Company Loses Over ₹10.40 Crore
Trusting the identity presented on WhatsApp, the employee carried out a series of financial transfers from the company’s bank account.
Investigators revealed that the employee transferred ₹10,40,71,924 through 63 separate banking transactions to several different accounts provided by the fraudsters.
The payments were completed over several days before the deception was discovered.
By the time company officials realized that the WhatsApp messages had originated from an impersonator rather than the actual director, the funds had already been distributed across multiple bank accounts.
Complaint Leads to Immediate Police Action
Following the discovery of the fraud, company representatives approached the South Cyber Police Station in Mumbai.
Police promptly registered a criminal case on June 16 under various provisions of the Bharatiya Nyaya Sanhita (BNS) and the Information Technology Act.
The case includes charges under:
- Section 318(4) of the Bharatiya Nyaya Sanhita
- Section 319(2)
- Section 338
- Section 61(2)
- Section 66(C) of the Information Technology Act
- Section 66(D) of the Information Technology Act
These provisions deal with cheating, identity theft, impersonation using computer resources, criminal conspiracy, and cyber fraud.
Banks Alerted Without Delay
Understanding the urgency of financial cybercrime investigations, Mumbai Police immediately coordinated with multiple banks after receiving the complaint.
Emergency communications were sent requesting banks to freeze suspicious accounts before the stolen money could be withdrawn or transferred further.
These rapid interventions proved crucial.
Authorities successfully froze ₹5,63,98,191, preventing cybercriminals from accessing a significant portion of the stolen funds.
Officials believe that quick reporting by the victim company substantially increased the chances of recovering the money.
Six Arrested During Multi-State Raids
Based on technical evidence, digital transactions, banking records, and electronic surveillance, investigators traced several individuals allegedly connected to the fraud.
The Mumbai Crime Branch conducted coordinated operations across:
- Maharashtra
- Delhi
- Bihar
During these raids, six accused persons were arrested for their alleged involvement in the cybercrime network.
Police believe the arrested individuals served different roles within the organized operation, including opening bank accounts, facilitating money transfers, collecting cash, and assisting in routing funds through multiple financial channels.
However, investigators suspect that the six arrested persons are only part of a much larger cybercrime syndicate.
Hunt for the Mastermind Continues
The primary architects behind the operation remain at large.
Investigators are now analyzing:
- Mobile phone records
- IP addresses
- Device data
- Banking transactions
- WhatsApp activity
- Digital payment trails
Authorities are also examining whether the same criminal group has targeted other companies using similar impersonation techniques.
Officials have not ruled out the possibility that the gang operates internationally or maintains links with organized cybercrime networks.
Understanding WhatsApp Impersonation Fraud
Cyber experts explain that impersonation scams have become increasingly common due to the widespread use of messaging applications.
Fraudsters often create fake accounts using:
- Profile photographs copied from social media.
- Business logos.
- Company executive identities.
- Familiar names.
- Professional-looking display pictures.
Victims often assume the account belongs to a trusted individual and comply with financial instructions without independently verifying the request.
Unlike traditional hacking, impersonation scams rely heavily on social engineering, exploiting human trust rather than technical vulnerabilities.
Why Corporate Employees Become Targets
Cybercriminals increasingly target finance departments because employees responsible for payments routinely receive urgent financial requests.
Attackers exploit several psychological factors, including:
- Fear of delaying business decisions.
- Respect for senior management.
- Pressure to maintain confidentiality.
- Urgency created through deadlines.
- Reluctance to question instructions from executives.
In many cases, criminals carefully study company structures before launching attacks.
They often gather publicly available information through websites, LinkedIn profiles, corporate announcements, and social media.
Social Engineering: The Biggest Weapon
Experts say this case perfectly illustrates the effectiveness of social engineering.
Rather than hacking the company’s servers or banking systems, criminals manipulated an employee into voluntarily authorizing transactions.
The messages were carefully designed to appear authentic by:
- Using the director’s display picture.
- Communicating professionally.
- Claiming the director was busy.
- Creating urgency.
- Requesting secrecy.
These tactics significantly reduce the likelihood that employees will verify instructions through alternative communication channels.
Money Laundering Through Multiple Accounts
Cyber investigators believe the fraudsters intentionally instructed the victim to make 63 separate transactions instead of one large payment.
This strategy serves several purposes:
- Reduces the likelihood of triggering banking alerts.
- Makes fund tracing more difficult.
- Distributes money across multiple accounts.
- Enables rapid withdrawals.
- Complicates recovery efforts.
Such methods are commonly employed by organized cybercrime syndicates.
Digital Evidence Becomes Critical
Police have begun detailed forensic analysis of:
- Mobile devices.
- SIM cards.
- Internet logs.
- Banking metadata.
- Device fingerprints.
- Messaging records.
Digital forensic experts will reconstruct the communication chain to identify additional conspirators and determine how the impersonation account was created.
Corporate Cybercrime on the Rise
Business email compromise and executive impersonation scams have become one of the fastest-growing categories of cybercrime globally.
Companies across industries—including manufacturing, finance, healthcare, technology, and logistics—have reported substantial financial losses through similar fraud schemes.
The increasing use of instant messaging platforms has created new opportunities for cybercriminals to exploit trust within organizations.
Importance of Immediate Reporting
Mumbai Police emphasized that timely reporting significantly improves recovery prospects.
In this case, immediate coordination with financial institutions enabled authorities to freeze more than half of the stolen money before it disappeared into complex laundering networks.
Delays in reporting often allow cybercriminals to:
- Transfer funds internationally.
- Convert money into cryptocurrency.
- Withdraw cash through mule accounts.
- Disperse funds across numerous financial institutions.
Once money leaves the formal banking system, recovery becomes substantially more difficult.
Police Advisory for Citizens and Businesses
Following the arrests, the Mumbai Crime Branch issued a strong advisory urging individuals and corporate organizations to remain vigilant.
Authorities recommended that people should:
- Always verify financial instructions received through WhatsApp.
- Never rely solely on a profile picture to confirm identity.
- Call the sender using an officially known number before transferring funds.
- Confirm urgent payment requests through multiple communication channels.
- Report suspicious activity immediately.
Police also warned citizens against falling victim to the increasingly common “digital arrest” scams, in which fraudsters falsely claim to represent law enforcement or government agencies to extort money.
National Cybercrime Reporting Mechanisms
Victims of cyber fraud are advised to act without delay.
Authorities recommend:
- Calling the National Cyber Crime Helpline 1930 immediately.
- Filing a complaint through the official National Cyber Crime Reporting Portal.
- Contacting the nearest police station without waiting.
- Informing their bank as soon as unauthorized transactions are detected.
Swift action can significantly improve the chances of freezing fraudulent transactions before the money is withdrawn.
A Wake-Up Call for Corporate India
The Mumbai WhatsApp impersonation case underscores how even established companies with experienced employees remain vulnerable to sophisticated social engineering attacks. While technology continues to strengthen cybersecurity, human judgment remains a critical line of defense.
Organizations are increasingly being encouraged to implement multi-level payment authorization systems, mandatory verification protocols for high-value transactions, employee cybersecurity awareness training, and strict policies requiring independent confirmation of financial instructions received through messaging applications.
As cybercriminals continue to evolve their tactics, businesses must recognize that protecting digital assets requires not only advanced technology but also informed employees, robust internal controls, and rapid incident reporting. The Mumbai Crime Branch’s swift investigation and recovery of over ₹5.63 crore demonstrate the importance of immediate action, coordinated law enforcement efforts, and public awareness in combating the growing threat of cyber-enabled financial fraud.




