Mumbai: In a major cyber fraud incident, a prominent salt manufacturing company with operations in Gujarat and Mumbai reported unauthorised net banking transactions totalling Rs 1.14 crore. The fraud, which involved unauthorised change of linked email addresses and mobile numbers with the bank, was discovered due to an unexpected error when attempting to access the net banking portal. Instead of the usual password prompt, the system displayed a “Wrong Password” error. After initiating a password reset via the linked email, the team learned that since January, a total amount of Rs 1.14 crore was illegally transferred into four different accounts.
The complainant, a longstanding entrepreneur, runs a salt manufacturing and selling business in Bharuch, Gujarat, with additional offices in Vadodara, and Matunga in Mumbai. The business operates through three companies. All financial transactions for these companies are conducted via net banking using dedicated login credentials for each account. However, for transaction confirmation, all three accounts are linked to a common mobile number for OTP verification.
On Jan 21, 2025, the senior accountant reported that when attempting to transact through the net banking portal of one of their companies, the system displayed a “Wrong Password” error. After initiating a password reset via the linked email and regaining access, it was revealed that an amount of Rs 49,94,779 was transferred from the account on January 19, 2025. Subsequent attempts to access the other two company accounts also resulted in “Wrong Password” errors, prompting an immediate inquiry at the bank’s Dadar branch.
Upon further investigation, it transpired that between Jan 17-20, 2025, an unknown individual breached the netbanking systems of all three company accounts. The hacker not only diverted funds but also changed the email addresses and mobile numbers associated with the accounts, obstructing the legitimate account holders’ access. The company immediately instructed the bank manager to freeze the affected accounts. Notably, none of the usual transaction alert messages were received on the linked email addresses or mobile number, said an official.