Pune Poultry Firm Falls Victim to Sophisticated Whale Phishing Scam, Loses Rs 70 Lakh
A poultry company in Pune fell prey to a sophisticated variant of a whale phishing scam, where cyber fraudsters hacked and compromised the mobile phone of an accountant and tampered with his contact list to impersonate the company’s Chief Executive Officer (CEO), manipulating the accountant into transferring Rs 70 lakh to mule accounts.
An FIR in the case was registered on April 25 at the Cyber Crime police station of the Pimpri Chinchwad police by the CEO of the poultry products company in Ravet.
The fraud took place on the afternoon of April 15, when the company’s accountant received a WhatsApp message from a number that carried the name and display picture of the CEO. The message even referred to a previous communication and then directed the accountant to transfer Rs 70 lakh to a particular account. The accountant transferred the money. A while later, the same sender asked the accountant to transfer Rs 30 lakh to a different account. At this point, the accountant got suspicious and asked if such directions were being given. It came to light that the firm had been defrauded. The company officials subsequently approached the Cyber Crime police station of the Pimpri Chinchwad police and an FIR was registered.
An officer who is part of the probe explained why this was a sophisticated variant of the scam: “In the conventional whale phishing scams, fraudsters typically rely on an unknown number using the CEO’s or company head’s display picture to appear credible and initiate fresh communication. This particular case involved a deeper compromise of the accountant’s phone, including manipulation of his saved contacts list. We have found that in the accountant’s phone which was hacked, the cyber fraudsters saved the actual number of the company CEO with a different name. They saved a fraudulent number with the CEO’s name and his display picture on WhatsApp. This significantly enhanced perceived authenticity.”
The officer added that cyber fraudsters also gained access to the accountant’s existing WhatsApp chats with the CEO and continued the conversation within the same thread, mimicking prior communication patterns and context. “This made the fraudulent instruction appear as part of an ongoing, legitimate exchange rather than a suspicious new request,” he noted.
Whale phishing attacks, also known as ‘spear phishing attacks’ or ‘CEO scams,’ are highly focused on specific individuals in companies and corporate entities. These scams specifically target senior officials of the companies who handle finances. The term “whale phishing” emphasizes the targeting of key figures in the companies. Since 2022, the Pune City and Pimpri Chinchwad police have together registered more than a dozen cases of ‘whale phishing attacks’.
In one such case, Pune-headquartered global vaccine major Serum Institute of India was cheated of Rs one crore in 2022. In another case in January 2024, a real estate company in Pune lost Rs four crores in a Whale Phishing attack.