In a significant success against international cyber fraud, the Madhya Pradesh Cyber Police have recovered over ₹3.72 crore lost in a sophisticated business email compromise (BEC) scam involving cross-border transactions. The recovery was made possible through swift action and close coordination between Indian cybercrime authorities, US agencies and international banks.
The case involved an Indore-based company, Shivganga Drillers Private Limited, which was in the process of making a legitimate international payment to its US vendor, Innovex International Inc, based in Houston. Cybercriminals intercepted the email communication between the two companies and executed a carefully planned email spoofing attack to divert the payment.
According to police officials, the fraudsters created a fake email address that closely resembled the vendor’s official domain. Using this spoofed identity, they instructed the Indian company to transfer USD 415,017.58 (around ₹3.72 crore) to a different bank account, falsely claiming that the vendor had updated its banking details.
The email appeared completely authentic, matching the tone, format and signature style of earlier communications. Trusting the request, the company transferred the amount to an account held with JP Morgan Bank in the United States.
Suspicion arose when the company later received another email claiming the payment had been rejected and asking for the amount to be resent to yet another account. The finance team then contacted the US vendor directly over the phone, only to discover that no such request had been made and that the original payment details were unchanged.
Realising it was a case of cyber fraud, the company immediately approached the Indore cyber cell. A complaint was filed on India’s National Cyber Crime Reporting Portal (I4C), while a parallel complaint was lodged with the FBI-run Internet Crime Complaint Center (IC3) in the US.
Thanks to rapid coordination, JP Morgan Bank froze the beneficiary account before the funds could be withdrawn or laundered. With support from the Bank of India, the international recall process was initiated, resulting in the full recovery of the stolen amount.
Cyber officials credited the success to quick reporting and coordinated action across jurisdictions. Experts say such frauds highlight why strong internal financial controls, transaction verification processes and periodic auditing services in India are critical for businesses handling international payments.
Following the case, authorities issued an advisory urging companies to independently verify any request for changes in bank details, avoid relying solely on email for financial instructions, and report suspicious activity immediately. Officials warned that delays often make recovery impossible once funds are moved through multiple accounts.
While business email compromise scams continue to rise globally, the Indore case stands out as a rare instance where timely action prevented a major financial loss and disrupted an international cybercrime operation.