Cybercriminals allegedly defrauded an Agra-based private company of ₹1.98 crore by creating a WhatsApp identity resembling the mobile number of its director and issuing a fraudulent payment instruction to the company’s accountant.
A case has been registered at the Cyber Crime Police Station following a complaint by company director Santosh Kumar Sharma.
Police are examining banking records, WhatsApp communications, mobile numbers, IP addresses and other digital evidence to trace the alleged fraud network.
Company Accountant Received Urgent Payment Message
According to the complaint, the affected company is SKS Infra Projects Private Limited.
The incident allegedly occurred on July 9, 2026, when company accountant Ram Mohan received a WhatsApp message from a mobile number that closely resembled the actual number of director Santosh Kumar Sharma.
The message reportedly directed him to process an urgent company payment.
Believing the instruction to be genuine, the accountant initiated the transfer without independently confirming it with the director.
₹1.98 Crore Transferred From ICICI Bank Account
According to police, the accountant transferred approximately ₹1.98 crore from the company’s ICICI Bank account.
The money was allegedly sent to an account maintained with IndusInd Bank in the name of Mamik Kitchen Private Limited.
Investigators are examining:
- The beneficiary account
- Account-opening documents
- Transaction history
- Subsequent fund transfers
- Beneficial ownership details
- Links with other suspicious accounts
The objective is to identify where the funds were moved after reaching the beneficiary account.
Fraud Discovered During Internal Verification
The transaction came to light when Santosh Kumar Sharma noticed the high-value payment and asked the accountant to explain its purpose.
The accountant reportedly stated that he had processed the transfer based on instructions received through WhatsApp.
An internal verification subsequently established that the director had not issued any such payment instruction.
The company then reported the incident through the cyber fraud reporting mechanism and approached the Cyber Crime Police Station.
WhatsApp Identity Allegedly Resembled Director’s Number
Investigators suspect the accused may have used WhatsApp spoofing, impersonation or a lookalike mobile number to mislead the accountant.
The probe is examining:
- Whether the director’s number was cloned or imitated
- Whether a similar-looking mobile number was used
- How the accused obtained internal company information
- Whether the profile photograph or identity details were copied
- Whether the company’s communication system had been compromised
Police are also investigating whether the fraudsters possessed prior knowledge of the company’s payment approval process.
Internal Information May Have Been Exploited
A successful corporate impersonation fraud often requires knowledge of:
- Names of senior executives
- Accountant or finance-team contacts
- Banking relationships
- Payment-authorisation practices
- Vendor or beneficiary details
- Timing of large transactions
Investigators may examine whether this information was obtained through social media, data leaks, compromised email accounts, insiders or earlier communication with company employees.
Organised Corporate Fraud Network Suspected
Police are probing whether the incident was carried out by an organised cybercrime group specialising in executive impersonation and high-value payment fraud.
Such groups commonly:
- Copy names and profile photographs of senior executives
- Create lookalike phone numbers or email addresses
- Send urgent and confidential payment requests
- Prevent employees from completing normal verification
- Route funds through company or mule accounts
- Rapidly move money through multiple banking layers
The beneficiary company account and subsequent fund trail may help identify the wider network.
Why Urgency Is a Major Warning Sign
Corporate impersonation scams frequently create artificial urgency to prevent employees from verifying instructions.
Fraudulent messages may claim that:
- A payment must be completed immediately
- The transaction is confidential
- The director is in a meeting
- The beneficiary is a new vendor
- Delay will affect a business deal
- Normal approval procedures should be bypassed
Employees should treat any request to avoid standard controls as a significant fraud warning.
High-Value Payments Need Multi-Level Verification
Companies should never approve substantial payments solely through WhatsApp, SMS or email.
High-value transactions should require:
- Maker-checker approval
- Direct voice confirmation
- Call-back to a registered number
- Written payment documentation
- Independent beneficiary verification
- Dual authorisation through banking systems
- Transaction limits based on employee roles
No employee should have unilateral authority to process a ₹1.98 crore transfer based on a single digital message.
Lookalike Numbers Can Be Difficult to Detect
Fraudsters may use numbers that differ from a genuine executive’s number by only one or two digits.
Employees may fail to notice the difference when:
- The profile picture is identical
- The display name is copied
- The message style resembles the executive
- The request appears business-related
- The communication arrives during a busy period
Finance teams should rely on verified contact directories rather than the number shown in a new message.
Immediate Reporting Improves Recovery Chances
In high-value cyber fraud cases, rapid reporting is essential because the money may be moved through several accounts within minutes.
Affected businesses should immediately:
- Contact the remitting bank
- Request transaction recall or beneficiary freeze
- Report the incident through the 1930 cybercrime helpline
- File a complaint on the National Cyber Crime Reporting Portal
- Preserve screenshots and chat records
- Secure email and messaging accounts
- Inform internal auditors and legal teams
The earlier the banking system receives the alert, the greater the possibility of freezing part of the funds.
Investigation Continues
Police are currently analysing:
- Bank account records
- WhatsApp communication data
- Mobile numbers
- IP addresses
- Device information
- Digital footprints
- Transaction layering
- Possible links to other fraud cases
Further legal action will depend on the evidence collected and whether additional beneficiaries or participants are identified.
The allegations remain under investigation and have not yet been tested before a court.
Shunyatax Global Insight
Shunyatax Global says that executive impersonation fraud is fundamentally an internal-control failure combined with social engineering. Every company should create a written rule that no high-value payment can be approved through WhatsApp or email alone.
Payments above a defined threshold should require direct call-back verification through a pre-approved number, dual authorisation and independent confirmation of any new beneficiary. Businesses should also conduct periodic mock-fraud exercises so finance teams learn to identify urgency, secrecy and last-minute account changes as warning signals.