Infra firm Phishing Attack, Loses several Crores in Cyber Fraud

Hyderabad: An infra company is the latest to fall victim to an elaborate phishing attack, losing Rs. 5.47 crore. Following a complaint from the company’s official, the Telangana Police’s Cyber Security Bureau (TGCSB) registered a case on February 13, 2025 and are tracing the fraudster.

According to details, the Hyderabad-based infra company had issued a purchase order for supply of essential equipment such as burner packages and an incinerator burner package along with local control panels worth Euros 1,439,000 with another firm.

The value of the purchase order was subsequently increased to Euros 2,649,000 on February 17, 2024 and a work order was also issued to the same vendor for Euros 795,000. The payments were made as per the agreed-upon terms and conditions.

Hyderabad Cycling Revolution hosts Musi River heritage ride on July 6

On November 30, 2022, a payment of an amount of Euros 144,900 was made to the vendor achieving the first milestone through ABN Amro Bank, Netherlands.
On April 26, 2023, an infra company issued a letter of credit for Euro 2,214,300 to the vendor on achieving a third milestone to their bank account in ABN Amro Bank.
On November 03, 2022, the Hyderabad-based company transferred an amount of Euros 79,500 to the same vendor on achieving the first milestone in the work order.
On February 02, 2024, an infra company released one more payment of Euros 318,000 to the vendor on achieving the second milestone in the work order and all these payments were acknowledged by the vendor and the representative of the company via his official email ID.

Meanwhile, on November 29, 2024, a fake email impersonating the vendor’s representative claiming the company’s account in ABN Amro Bank in the Netherlands has been restricted due to a court order and instructed the Hyderabad’s infra firm to send their future payments to a new account at JP Morgan Chase in Alpharetta, Georgia.

Infra company transferred an amount of Euros 318,000 on January 24 and received a confirmation on January 27, 2025 from the vendor through this e-mail ID. The company made a payment of Euros 289,800 to the JP Morgan account on January 29, 2025.

When the Hyderabad-based firm wrote to the vendor seeking confirmation, their representative confirmed over email on February 4, 2025 and February 5, 2025 that they had not received the payments regarding the second milestone of purchase order valued Euros 289,800 and as well as payment of Euros 318,000.

The communication prompted an internal review which revealed that unknown persons had impersonated the representative and altered the email domain to mislead the Hyderabad firm.

Following the internal inquiry, the company’s official lodged a complaint with the Telangana Cyber Security Bureau (TGCSB) and the cyber crime police registered a case under sections 318(4), 319(2), and 338 of Bharatiya Nyaya Sanhita (BNS), along with sections of 66-C and 66-D of IT Act.