Skip to Content
Add Network with Us — Join Membership


Navi Mumbai Jewellery Firm Loses ₹10.7 Crore in WhatsApp Impersonation Scam

Cybercriminals allegedly copied the company owner’s name and profile photograph and used familiar payment instructions to persuade an accounts executive to transfer funds to five bank accounts.
July 18, 2026 by
Navi Mumbai Jewellery Firm Loses ₹10.7 Crore in WhatsApp Impersonation Scam
Administrator

A jewellery company in Navi Mumbai has allegedly lost ₹10.70 crore after cybercriminals impersonated its owner through WhatsApp and directed an accounts executive to transfer company funds to multiple bank accounts.

The Navi Mumbai Cyber Police have registered a criminal case and launched an investigation into the fraudulent WhatsApp account, the beneficiary accounts and the movement of the transferred money.

According to investigators, the fraud succeeded because the messages appeared to follow the company’s existing internal payment practices.

The suspects remain unidentified, and the allegations are subject to investigation and judicial proceedings.

Fraud Began With WhatsApp Message

Police said the incident began on July 14, 2026, when an accounts executive working at the company’s Mahape office received a WhatsApp message from an unfamiliar mobile number.

The profile displayed:

  • The company owner’s name
  • The owner’s photograph
  • A communication style resembling genuine business instructions

Believing that the message had been sent by the owner, the executive reportedly responded and shared the balance available in the company’s current account.

Account Balance Shared With Impersonator

The disclosure of the account balance may have enabled the fraudster to determine the amount available for transfer.

The suspect then allegedly instructed the employee to send money to three separate bank accounts.

Investigators are examining whether the fraudsters already possessed confidential information relating to:

  • The company’s payment practices
  • The identity of the accounts executive
  • The owner’s communication style
  • The timing of available funds
  • Internal reporting relationships

Such information may indicate that the company was specifically targeted rather than selected randomly.

₹7.70 Crore Transferred in Four Transactions

According to police, the accounts executive transferred a total of ₹7.70 crore in four separate transactions on July 14.

The employee allegedly did not suspect fraud because the owner regularly issued payment instructions through:

  • Phone calls
  • WhatsApp messages
  • Informal digital communication

The fraudsters appear to have exploited this established practice to make the request appear routine.

Another ₹3 Crore Transferred Next Day

On July 15, the employee reportedly received further instructions from the same fraudulent WhatsApp account.

The suspect directed the executive to transfer money to two additional bank accounts.

The employee allegedly completed the payments, transferring another ₹3 crore and bringing the total loss to ₹10.70 crore.

Police are examining the precise timing of all transfers and whether the money was moved out of the beneficiary accounts immediately after receipt.

Fraud Discovered During Group Voice Call

The impersonation was uncovered later on July 15 during a WhatsApp group voice call involving:

  • The company owner
  • The finance officer
  • Other relevant company personnel

During the conversation, the owner reportedly stated that he had never sent the payment instructions and had not authorised any of the transfers.

The company then realised that the WhatsApp profile had been created by an impersonator.

Owner’s Photograph Used With Different Number

Investigators found that the fraudulent account displayed the owner’s name and profile photograph but was linked to a different mobile number.

This method can be effective because employees may focus on:

  • The displayed name
  • The profile photograph
  • The wording of the message
  • The apparent urgency of the request

They may fail to notice that the underlying phone number is different from the verified number normally used by the executive.

Established Business Practice Exploited

Police believe the accused deliberately exploited the company’s internal communication practices.

The employee was reportedly accustomed to receiving payment instructions through WhatsApp and phone calls, reducing the likelihood that an unusual request would immediately appear suspicious.

This type of fraud is commonly associated with executive impersonation, where criminals pose as:

  • Company owners
  • Directors
  • Chief executive officers
  • Finance heads
  • Vendors
  • Senior managers

The objective is to persuade an employee with payment authority to transfer money before the request can be independently verified.

FIR Registered Against Unknown Accused

The Navi Mumbai Cyber Police have registered an FIR against:

  • The unidentified person operating the fake WhatsApp account
  • The holders of the beneficiary bank accounts
  • Any other individuals found to have facilitated the transfers

Investigators are examining whether the account holders knowingly participated in the fraud or allowed their accounts to be used as money-mule accounts.

Five Beneficiary Accounts Under Investigation

The ₹10.70 crore was reportedly transferred to five different bank accounts over two days.

Police are analysing:

  • Account-opening documents
  • KYC records
  • Registered mobile numbers
  • IP and device information
  • Incoming and outgoing transactions
  • ATM withdrawals
  • Transfers to additional accounts
  • Links between account holders

The speed with which funds were transferred onwards may help determine whether the accounts were controlled by an organised network.

Banks Asked to Freeze and Trace Funds

Authorities are coordinating with banks and payment channels to trace the stolen funds.

Immediate action in such cases may include:

  • Freezing beneficiary accounts
  • Placing debit restrictions
  • Identifying subsequent transfers
  • Recalling funds where possible
  • Alerting recipient banks
  • Preserving transaction records

The possibility of recovery depends largely on how quickly the fraud is reported and whether the money remains in identifiable accounts.

Money Mule Involvement Being Examined

Investigators are assessing whether the beneficiary accounts belonged to money mules.

A money mule may allow an account to receive and transfer suspected proceeds in exchange for a commission or other benefit.

Such accounts may be opened in the names of:

  • Individuals seeking easy income
  • Low-income account holders
  • Shell businesses
  • Dormant companies
  • Persons whose identity documents were misused

Police will examine whether the account holders had knowledge of the underlying fraud.

Possible Organised Network Angle

The scale of the loss and the use of multiple beneficiary accounts suggest that the operation may have involved more than one person.

Authorities are investigating possible roles such as:

  • Identity impersonators
  • Social engineering specialists
  • Data providers
  • Mule account operators
  • Banking coordinators
  • Fund withdrawal agents
  • Network organisers

The case may expand if investigators identify links to similar corporate impersonation frauds.

Fraudsters May Have Conducted Prior Reconnaissance

Sophisticated business impersonation scams often involve detailed preparation.

Fraudsters may study:

  • Company websites
  • Social media profiles
  • Employee designations
  • Publicly available photographs
  • Corporate announcements
  • Vendor information
  • Internal communication habits

They may then contact the employee most likely to have access to company funds.

Investigators are examining how the accused obtained the owner’s photograph and identified the accounts executive.

Social Engineering Bypassed Financial Controls

The fraud did not necessarily require direct hacking of the company’s bank account.

Instead, the suspects allegedly manipulated an authorised employee into initiating genuine bank transfers.

This distinction is important because technically valid transactions may still result from fraud where the employee’s consent was obtained through deception.

The incident demonstrates how social engineering can bypass technological security when internal verification systems are weak.

High-Value Payments Need Multi-Level Approval

Companies handling substantial funds should not permit high-value transactions based on instructions from a single messaging channel.

A strong approval process may require:

  • Maker-checker controls
  • Dual authorisation
  • Senior finance approval
  • Written payment support
  • Vendor verification
  • Independent confirmation
  • Transaction limits

No single employee should be able to transfer unusually large sums based only on a WhatsApp message.

Confirm Through a Separate Channel

Payment instructions received through WhatsApp, email or another messaging platform should be verified using an independent channel.

For example:

  • Call the sender on the previously saved official number.
  • Confirm in person where possible.
  • Use a verified corporate email address.
  • Seek written approval through the company’s ERP.
  • Obtain confirmation from a second authorised person.

Employees should not use the phone number contained in the suspicious message to verify the request.

Number Changes Must Trigger Immediate Alert

A familiar profile photograph does not prove that the account is genuine.

Companies should train employees to treat the following as warning signs:

  • A new mobile number
  • An unsaved number using a senior executive’s photograph
  • Sudden secrecy
  • Urgent payment instructions
  • Requests to bypass normal approvals
  • Transfers to new beneficiaries
  • Instructions outside business hours

Even minor deviations from established payment procedures should trigger independent verification.

New Beneficiary Accounts Require Enhanced Checks

Payments to newly added bank accounts should undergo additional scrutiny.

Before transfer, finance teams should verify:

  • Account holder name
  • Bank branch
  • Purpose of payment
  • Supporting invoice
  • Contractual relationship
  • Approval from the relevant department
  • Independent confirmation from the beneficiary

Large payments to unrelated or newly introduced accounts should not be processed solely on verbal or messaging instructions.

Transaction Limits Can Reduce Exposure

Companies can reduce potential losses by setting:

  • Per-transaction limits
  • Daily transfer limits
  • Beneficiary cooling periods
  • Mandatory approval thresholds
  • Alerts for unusual payments
  • Restrictions on newly added accounts

A temporary delay in processing unusually large payments can provide time to identify impersonation attempts.

Employee Training Is Essential

Accounts, finance and treasury employees should receive regular training on:

  • Executive impersonation
  • WhatsApp profile cloning
  • Vendor payment fraud
  • Business email compromise
  • Fake invoice scams
  • Urgency-based manipulation
  • Verification procedures

Training should include simulated examples so employees can recognise real-world tactics.

Internal Communication Policies Must Be Formalised

Businesses should clearly define which channels may be used for financial authorisation.

A written policy should specify:

  • Who can approve payments
  • The approved communication channels
  • Required supporting documents
  • Verification requirements
  • Escalation procedures
  • Emergency transaction rules
  • Exception reporting

Informal instructions may be convenient but can expose the company to substantial fraud risk.

Board-Level Oversight May Be Necessary

A fraud of this scale may require management and board review of:

  • Delegation of financial authority
  • Internal control failures
  • Banking access rights
  • Employee training
  • Fraud reporting procedures
  • Cyber insurance coverage
  • Incident-response readiness

The review should focus on preventing recurrence rather than assigning responsibility before the facts are established.

Cyber Police Continue Financial Analysis

Investigators are continuing to examine:

  • Bank transaction records
  • Beneficiary accounts
  • WhatsApp data
  • Mobile number registration details
  • Device information
  • Possible IP records
  • Communication patterns
  • Links to other cases

The objective is to identify the suspects, trace the funds and establish whether the fraud formed part of a wider cybercrime network.

Recovery Efforts Continue

The company and police are working with financial institutions to determine whether any portion of the ₹10.70 crore can be recovered.

The success of recovery efforts will depend on:

  • The time elapsed before reporting
  • The number of onward transfers
  • Whether cash withdrawals occurred
  • Whether funds crossed jurisdictions
  • The availability of account balances
  • Cooperation between banks

Further legal action may follow against account holders or facilitators if evidence establishes their involvement.

Shunyatax Global Insight

Shunyatax Global says that this case highlights a critical weakness in many family-owned and promoter-driven businesses: payment authority often depends on informal instructions rather than documented controls. A familiar name, photograph or communication style must never substitute for independent verification. Companies handling high-value transactions should introduce maker-checker systems, dual approvals, beneficiary cooling periods and mandatory callback verification through pre-registered contact details. The greatest protection against executive impersonation fraud is not only cybersecurity software, but a financial process that no single WhatsApp message can override.

in News
Share this post
Archive