BENGALURU: A word of caution for CFOs (chief financial officers) and CAOs (chief accounts officers) in corporate companies: Don’t release funds based on WhatsApp directives from your boss! Instead, crosscheck with him/her through an audio conversation or in person. Failure to follow this protocol resulted in financial losses, adding to Rs 56 lakh, for a tech company located in the central business district.
Online fraudsters tricked the company’s CAO by faking the WhatsApp credentials of the managing director (MD). The incident unfolded on December 5 when the CAO, referred to as Andrea (name changed), received a WhatsApp message from the mobile number 9601897937. This number displayed the MD’s photo and the company’s logo.
The message read: "I am the MD, I am finalizing a project, and we need to pay Rs 56 lakh as security deposit for the project. Initiate payment from the company’s account." Believing the message to be genuine, Andrea transferred the requested amount to two accounts provided by the sender.
After completing the transaction, doubts began to creep in. To confirm, she emailed her MD, only to discover the number was not his and he had neither contacted her. On December 6, realizing she had been duped, Andrea filed a complaint with the South-East CEN Crime police.
Inspector Eashwarni PN and her team swiftly began their investigation by tracing the money. They discovered the funds had been quickly moved across multiple bank accounts, one of which was registered under the name Sai Kumar in Hyderabad. Authorities coordinated with senior officers there, leading to Kumar’s apprehension.
Kumar, during interrogation, admitted he opened the account at the direction of Grishma, the gang leader, who paid him between Rs 10,000 to Rs 15,000 for every Rs 10 lakh funneled through his account. Following this lead, police raided Grishma’s residence on December 8 and arrested her along with several associates.
Grishma's involvement turned out to be even more complex. Initially, she worked as a cryptocurrency trader and was approached by someone during her crypto dealings, who promised her higher earnings for collaboration. Following his instructions, she downloaded and registered on an app called U-homeEX and began to arrange mule accounts for facilitating cyber fraud transactions.
Her role was to withdraw the cash, convert it to USDT (a cryptocurrency), and sell it back to the anonymous individual at higher prices. Grishma employed former classmates to help run the operation, paying them Rs 1,500 per day.
Raviteja, dubbed the group's 'money runner,' was responsible for withdrawing funds from the mule accounts and purchasing USDT. Police have since arrested Grishma and five associates, but the mastermind behind the operation remains unidentified. Investigations revealed the gang had been operational for the past six months.
The police seized various assets including Grishma's used Audi A4 car, mobile phones, and Rs 56,000. They also froze Rs 5 lakh across several bank accounts related to the operation, with efforts underway to recover the remaining Rs 50 lakh.
This incident serves as a stark reminder for businesses to exercise caution and verify communications, especially when financial transactions are involved.
