New Delhi: Naresh Gujral, former Rajya Sabha MP and son of ex-Prime Minister Inder Kumar Gujral, was defrauded of Rs 7.8 crore in a cyber scam. The fraudsters impersonated him on a messaging platform and manipulated his employee's phone records to transfer funds. Police have frozen Rs 4 crore of the stolen amount so far.
How the fraud unfolded
The scam occurred between June 12 and June 16. Cybercriminals created a fake account on a messaging platform using Gujral's display picture to pose as him. They contacted an employee of Gujral's company, sending urgent messages instructing multiple RTGS transfers for what appeared to be legitimate business needs. Believing the instructions were authentic, the employee made four fund transfers totaling Rs 7.8 crore.
According to police, the fraud initially went unnoticed as the transactions seemed routine. The bank flagged the unusually large transfers and sought clearance from the company's CFO, who approved them assuming Gujral had authorized them. The scam came to light on June 16 when a company official, sensing something amiss, contacted Gujral's daughter to verify the payments. She checked with her father and found he had not issued any such instructions. The family then lodged a complaint.
Technical manipulation
Investigators found the gang first sent a malicious file to an employee, compromising his mobile phone. Once they gained access, they tampered with contact details stored in the device, replacing Gujral's phone number with their own while retaining his profile picture. This made all incoming messages from the fake number appear as if they were from Gujral.
Gujral, who runs a garment business, told TOI that his CFO became a victim in his absence. He praised the Delhi Police cybercrime team for acting swiftly and recovering almost 70% of the amount, with more recovery expected. The stolen money was routed through four transactions into bank accounts in different states.
Deputy Commissioner of Police (IFSO) Vinit Kumar advised that anyone asked to transfer money or share sensitive information should verify the request by calling the person directly.
