Man-in-the-Middle Attack: Pune Firm Duped of Rs 6.49 Crore in Sophisticated Cyber Scam; Cyber Police Launch Probe
Pune, 25th April 2025: A director of a company based in Mohammadwadi has become the latest victim of a cybercrime known as a Man-in-the-Middle (MiTM) attack, resulting in a loss of ₹6.49 crore. The incident occurred on March 27 and came to light after the company noticed discrepancies in the transaction details.
MiTM attacks involve cybercriminals intercepting communication between two trusted parties, manipulating the data, and impersonating one of them—often with financial consequences.
According to the cyber police, the 39-year-old director, who runs a firm dealing in IT services and dry fruit imports, was working from his residence on NIBM Road when he received what appeared to be a genuine email from a regular overseas supplier. The message requested a payment that matched an ongoing almond consignment, prompting the director to authorize the bank transfer without further verification.
“At first glance, the email seemed authentic,” said Senior Inspector Swapnali Shinde of the Pune Cyber Police. “It came from an address almost identical to that of the U.S.-based supplier and included payment details. However, the attackers had subtly altered one letter in the email address and changed the bank account number.”
Believing the request was legitimate, the director asked his bank to release the funds, which were transferred in five separate installments. It wasn’t until weeks later—on April 17—that he contacted the supplier for a follow-up and learned that the payment had never been received.
Upon closer inspection, he realized the email had been spoofed and the bank account belonged to fraudsters. An official complaint was lodged with the Pune Cyber Police on April 23.
Inspector Shinde noted that the email and account modifications were carefully designed to avoid detection. “The bank’s records also reflected an abbreviated version of the beneficiary name, making it harder to spot the fraud at the time of the transfer,” she explained.
Police are now tracking the flow of money through multiple accounts. “Some of the transferred funds have not yet reached the final destination. Roughly ₹3 crore remains in transit or in intermediary accounts,” Shinde said. “We are tracing the digital trail and will make every effort to recover the amount.”
In a related case, the Pimpri Chinchwad Cyber Police registered a complaint after an auto parts manufacturer was swindled out of ₹7.16 crore in a ‘CEO fraud’ — a scheme where an imposter posed as the company’s overseas director and instructed the plant head to transfer funds over a period of four weeks.
Investigations in both cases are ongoing.
