A prominent event management company with offices in Noida has fallen victim to a sophisticated cyber fraud, suffering a staggering loss of Rs 24 lakh. The elaborate scam, which unfolded in October, involved imposters posing as the company's director to dupe an employee into purchasing high-value Apple gift cards.
The Elaborate Scam: A Director's Impersonation
The incident came to light with the filing of a formal complaint at the cyber crime police station on Friday. The targeted firm, which specialises in organising business events and conferences, has its corporate presence in several cities, including an office in Noida's Sector 3.
The plot was set in motion on October 1. On that day, an employee from the company's Mumbai office had travelled to Noida for a training programme. Coincidentally, the actual company director had departed for Barcelona to attend an event. Seizing this opportunity, scammers contacted the Mumbai-based employee via WhatsApp, cleverly disguising themselves as the director.
The impersonator issued urgent instructions, directing the employee to immediately purchase Apple gift cards worth large sums of money. Emphasising the need for swift action, the fraudster then provided a list of approximately 15 different email IDs. The trusting employee, believing the messages to be genuine, proceeded to buy the digital gift cards and registered them to the emails supplied by the scammer.
Financial Fallout and Damage Control
The fraudulent purchases, totalling Rs 24 lakh, were executed using four separate company credit cards from HDFC and ICICI Banks. The alarm was raised only when another company executive noticed the unusual transactions and intervened. Realising it was a well-orchestrated scam, the executive took prompt action to block all the compromised credit cards.
The company immediately reached out to Amazon, the platform used to purchase the gift cards, and formally registered a complaint with the cyber crime cell. In the aftermath, HDFC Bank managed to recover and return Rs 5 lakh to the company's accounts. However, the remaining Rs 19 lakh, which was debited via the ICICI Bank cards, is likely lost permanently, as per information given to the firm. This significant unrecovered loss prompted the company to approach the cyber crime police once more for a resolution.
Legal Repercussions and Ongoing Investigation
Based on the detailed statements provided by the company representatives, the police have registered a formal case. The charges have been framed under Section 66D of the IT Act (punishment for cheating by personation using computer resource) along with relevant sections of the new Bharatiya Nyaya Sanhita (BNS), including Section 318(4) for cheating and 319(2) for cheating by personation.
This case highlights a growing trend of corporate-targeted phishing scams where fraudsters exploit hierarchical structures and a sense of urgency. It serves as a critical reminder for businesses to implement robust internal financial protocols and multi-layer verification processes, especially for unusual or high-value transactions requested via informal messaging platforms.
