Pune Firm Loses Rs 2.3 Crore in International Email Fraud Involving Fake Bank Account

Pune, 10th July 2025: In a sophisticated case of cyber fraud, an engineering company based in Dhayari was duped of over ₹2.3 crore (240,000 Euros) by cybercriminals who carried out a man-in-the-middle attack by intercepting email communication with a foreign supplier.

The scam unfolded on June 10, when the Pune-based company, which manufactures automobile components and engineering products, attempted to make an international payment for a high-end press bending machine ordered from an Italy-based manufacturer. A case has been registered with the Cyber Police Station.

Cybercriminals Impersonated Foreign Supplier
Senior Inspector Swapnali Shinde of the Pune Cyber Police said the company had been in regular contact with the Italian supplier since February this year, discussing technical specifications and timelines for delivery.

“The Italian company had agreed to manufacture and supply the press bending machine and sent a formal payment schedule to the Pune firm,” said Shinde.

However, on June 10, the Dhayari company received what appeared to be a legitimate follow-up email from the supplier’s domain, including bank account details for the payment.

“The email seemed authentic but had a different bank account number from previous correspondence. Without cross-verifying with the actual officials in Italy, the company’s accounts department transferred the amount to this new account,” she added.

Fraud Discovered After Funds Were Sent
After initiating the payment, the Pune firm contacted the Italian company to confirm receipt of funds. To their shock, the supplier denied receiving any money. A quick internal audit revealed that the payment had been diverted to an unrelated bank account.

“The realization came only after the money had already been transferred. The Italian company confirmed that no such account was ever shared by them, which clearly indicated that cybercriminals had impersonated the sender,” Shinde explained.

The fraud is a classic example of a man-in-the-middle (MITM) attack—a type of cybercrime where hackers intercept communication between two parties and impersonate one of them to extract sensitive information or divert funds.

Police Investigation Underway
Cyber police are currently working with bank officials and digital forensics teams to trace the origin of the fraudulent email and recover the stolen amount, although authorities admit that cross-border cases can be time-consuming and challenging.

The police have urged businesses, especially those dealing in international transactions, to always verify changes in payment instructions via an independent communication channel, such as a phone call to a known contact person.