The Delhi Police Cyber Cell acts swiftly to freeze ₹4.28 crore across regional mule banking layers, while financial compliance officers urge businesses to set up strict call-back protocols for high-value RTGS requests.
The sophisticated operational loops used by modern financial cyber-criminals have crossed a dangerous new line, shifting from simple mass phishing text campaigns to targeted executive identity theft. Issuing a formal notification on Thursday night, June 18, 2026, the Intelligence Fusion and Strategic Operations (IFSO) branch of the Delhi Police confirmed a massive WhatsApp impersonation security breach. The targeted attack hit the south Delhi garment manufacturing enterprise run by former Rajya Sabha MP Naresh Gujral, son of late Prime Minister I.K. Gujral, scamming his financial desk out of an astronomical ₹7.68 crore.
The high-profile cyber heist highlights severe vulnerabilities in how companies handle daily business approvals.
Operating under the false impression that they were responding directly to their employer, the firm’s financial team approved four consecutive Real-Time Gross Settlement (RTGS) transactions over a four-day window.
The multi-crore fraud went completely unnoticed until the executive’s daughter, Diksha Gujral, spotted the unusual money movements on Tuesday, June 16, and immediately flagged the entries with her father, exposing the massive security breach.
The Anatomy of the Theft: Unpacking the Phone Compromise
The criminal strategy did not rely on a simple copycat messaging account with a downloaded display picture. Instead, cyber investigators discovered that the attackers had deployed a multi-stage technical trap to gain access.
First, the attackers sent a malicious file to one of the company’s internal staff members, gaining backdoor access to their mobile device.
Once inside, the hackers modified the employee’s local contact storage directory.
They subtly swapped Naresh Gujral’s real phone number with their own fraudulent line while preserving his legitimate contact name and profile picture.
Consequently, when the hackers messaged the company’s Chief Financial Officer (CFO) to demand urgent funds for business needs, the incoming text appeared on the device under the executive’s verified contact profile, masking the scam.
Slicing Through the Financial Theft and Mule Account Routing Matrix
The stolen funds were quickly spread across a complex network of bank accounts spanning multiple states to break the money trail before algorithms could flag the transactions:
| Step in the Money Trail | Targeted Banking Centers Used | Immediate Transaction Mechanics | Current Enforcement Recovery Metrics |
| --- | --- | --- | --- |
| Stage 1: Primary Drop | Accounts in Maharashtra & Andhra Pradesh. | Split into 4 large RTGS transfers over 4 days. | Flagged by bank compliance teams due to unusually large sums. |
| Stage 2: Secondary Split | Fragmented across 30 to 40 accounts. | Rapid electronic transfers executed within minutes. | Monitored closely via automated fraud tracking systems. |
| Stage 3: Mule Cash Outs | Wide-reaching local ATM networks. | Immediate physical withdrawals by local handlers. | Shuts down recovery paths once physical cash leaves the branch. |
| Total Incident Pool | Global Enterprise Accounts Asset | Total Loss Logged: ₹7,68,00,000 | Total Frozen: ₹4,28,00,000 (Lien Active) |
Note: Because the family acted quickly to report the incident to the central cybercrime helpline “1930,” Delhi Police IFSO teams moved fast to place an immediate lien on the receiving bank layers. This rapid action successfully froze ₹4.28 crore (roughly 70% of the stolen funds) before the money mules could withdraw it.
The underlying details of the police investigation show that modern businesses can no longer trust text-based approvals for large financial movements.
To insulate corporate treasuries from sophisticated identity spoofing, compliance experts are urging firms to eliminate text-only authorizations.
Any high-value money transfer requested through a chat app must be independently verified using a direct, voice-to-voice phone call over a trusted communication line before a single rupee leaves the account.
Five Sequence Steps to Insulate Corporate Assets from Identity Spoofing
To build a secure protective shield around your company’s bank accounts and protect your financial staff from falling victim to identity theft scams, deploy this five-step safety routine:
Ultimately, building a resilient defense against cybercrime requires combining advanced security tools with smart, disciplined workplace habits. While sovereign tech innovators like Bengaluru’s Sarvam build independent software networks to safeguard data assets, business leaders must actively protect their daily communication lines.
By eliminating single-point vulnerabilities, requiring multi-person sign-offs for large transfers, and verifying urgent text requests with a direct phone call, you can keep your company’s assets secure.
Taking these proactive steps protects your hard-earned capital, preserves your organization’s financial stability, and keeps your operations safe from evolving digital threats.
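The call-back and multi-person sign-off rules described above can be enforced as a release gate in the payment workflow, keyed on the phone number rather than the contact name a device displays. This is an added example, not part of the original article; the directory entry, phone numbers, threshold and function names are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: numbers recorded by treasury outside any phone's
# contact store. Role name and numbers are placeholders.
TRUSTED_DIRECTORY = {"chairman": "+91 00000 00001"}
CALLBACK_THRESHOLD_INR = 10_00_000  # assumed policy threshold, not from the article


@dataclass
class PaymentRequest:
    requester_id: str            # who the message claims to come from
    sender_number: str           # number the chat message actually arrived from
    amount_inr: int
    callback_number: Optional[str] = None  # number finance dialled to confirm
    callback_confirmed: bool = False
    approvers: tuple = ()        # staff IDs that signed off


def _digits(number: Optional[str]) -> str:
    """Normalise a phone number to digits so formatting cannot hide a mismatch."""
    return "".join(ch for ch in (number or "") if ch.isdigit())


def evaluate(req: PaymentRequest):
    """Return (decision, reasons); decision is BLOCK, HOLD or RELEASE."""
    trusted = _digits(TRUSTED_DIRECTORY.get(req.requester_id))
    if not trusted:
        return "BLOCK", ["requester has no entry in the trusted directory"]
    if _digits(req.sender_number) != trusted:
        # The contact name on the device may look right; only the number is compared.
        return "BLOCK", ["sender number does not match the directory entry"]
    reasons = []
    if req.amount_inr >= CALLBACK_THRESHOLD_INR:
        if not req.callback_confirmed:
            reasons.append("no voice call-back recorded")
        elif _digits(req.callback_number) != trusted:
            reasons.append("call-back was placed to a number outside the directory")
        if len(set(req.approvers)) < 2:
            reasons.append("fewer than two distinct approvers")
    return ("HOLD", reasons) if reasons else ("RELEASE", [])
```

A request that arrives under the right contact name but from an unlisted number is blocked before the amount is even considered, and a call-back made to the number that sent the message does not satisfy the gate.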
FAQ Section
What core vulnerability was exploited in the ₹7.68 crore Naresh Gujral cyber fraud case?
The fraudsters used a highly sophisticated text-spoofing trap to bypass standard business checks. They sent a malicious file to an employee’s phone to gain backdoor access, and then silently modified the contact directory—replacing the executive’s real number with their own fraudulent line. This caused urgent payment demands to appear on the device under the executive’s verified contact profile, tricking the CFO into approving the transfers.
How much of the stolen money was recovered after the family filed a complaint?
Because the family acted quickly to report the incident to the national cybercrime helpline “1930,” the Delhi Police Cyber Cell moved fast to follow the money trail. Security forces successfully placed a lien on the receiving bank layers, freezing ₹4.28 crore (roughly 70% of the total stolen funds) before the money could be withdrawn.
What is the single most effective way to protect a business from WhatsApp impersonation scams?
The most reliable safeguard is implementing an absolute out-of-band verification rule. Financial teams must never process an RTGS or wire transfer based purely on a text message or chat request. Any digital demand for money must be confirmed using a direct, face-to-face talk or a voice-to-voice phone call to a verified number before funds are moved.




