Pune,10 July 2025: A Dhayari-based engineering company in Pune has fallen victim to a cyber fraud, losing over ₹2.3 crore (equivalent to €240,000) in a man-in-the-middle email scam involving an international transaction with an Italian supplier. The incident, which unfolded on June 10, has been reported to the Cyber Police Station, and a formal investigation is underway.
The company, which specializes in manufacturing automobile components and engineering equipment, had been in regular communication with a supplier based in Italy since February this year. The two parties were discussing the procurement of a high-end press bending machine, and all seemed legitimate until the day of the payment.
On June 10, the Pune-based firm received an email that appeared to be from the Italian manufacturer. The email contained updated bank account details for the payment. Believing it to be genuine, the company’s accounts department proceeded to transfer the funds without verifying the change through any secondary channel.
According to Senior Inspector Swapnali Shinde of Pune Cyber Police, the email looked authentic but contained a different bank account number than what had been previously shared. “The company acted in good faith, but unfortunately, the communication was intercepted by cybercriminals who altered the account details to redirect the funds,” she said.
The fraud came to light when the Pune firm contacted the supplier to confirm the receipt of the funds. The Italian company, however, denied receiving any money. Alarmed, the firm conducted an internal audit and discovered that the payment had gone to an unrelated and unauthorized account, confirming that they had been targeted in a man-in-the-middle (MITM) cyberattack.
This type of cybercrime involves hackers secretly inserting themselves into the communication between two trusted parties—typically via email—and impersonating one of them. It is designed to manipulate transactions or extract sensitive information. In this case, the hackers impersonated the Italian supplier and altered crucial banking information without detection.
Cyber police are now coordinating with banking authorities and digital forensics experts to trace the origin of the fraudulent emails and attempt to recover the stolen funds. However, officials have acknowledged that international cyber frauds are often complex and time-consuming due to jurisdictional challenges.
Authorities have also issued a warning to businesses involved in cross-border transactions, advising them to always verify any changes in payment instructions through independent, known communication channels such as a phone call.
The case stands as a stark reminder of the growing sophistication of cyber threats in the business world and the need for heightened vigilance, especially in international dealings.
