In a shocking case of cyber fraud, a Bengaluru-based bank has reportedly lost ₹38.2 lakh after cybercriminals tricked its staff through a spoofed email and phone call scam. The fraudster posed as a representative of a well-known real estate company, sending an email that appeared to come from the company’s official account. Falling for the deception, the bank processed a large RTGS transaction — only to discover the fraud the next day.
According to reports, the incident occurred last Wednesday around 11 a.m. when a staff member at the bank’s local branch received a call from a man claiming to be an authorized representative of a real estate developer. The caller referred to an email that requested urgent payment and insisted the transaction be completed immediately. The email address seemed authentic, matching the company’s domain closely enough to avoid suspicion. Acting in good faith, the bank employee processed the ₹38.2 lakh RTGS transfer to the account details shared in the email.
The fraud came to light the following day when the actual representative of the real estate company contacted the bank to inquire about the payment. The representative denied authorizing any such transaction, prompting the bank to review the email trail. Upon examining the email header, the staff discovered that the message had been sent from a spoofed email ID — cleverly crafted to mimic the legitimate one.
Realizing the gravity of the situation, the bank immediately filed a complaint on the National Cyber Crime Reporting Portal and later lodged an FIR with the East Division Cyber Crime Police Station. Officials have invoked relevant sections under the Information Technology Act and the Bharatiya Nyaya Sanhita (BNS) to initiate a full-scale investigation.
Authorities are now tracking the money trail to identify where the transferred funds were moved. Investigators are also analyzing how the spoofed email was created and whether the cybercriminals had any inside assistance or prior knowledge of the bank’s communication protocols. Preliminary findings suggest that the fraudsters executed the plan with meticulous preparation, exploiting small lapses in verification procedures.
A senior police officer stated that the team is coordinating with multiple banks to trace the fraudulent account used in the transaction. “We are tracking digital footprints, including IP addresses, communication logs, and fund movement patterns to identify the culprits,” the officer added.
Following the incident, the bank has enhanced its internal cyber vigilance mechanisms and issued an advisory to all employees emphasizing the importance of verifying payment instructions — especially those received via email or phone. The management has also reminded staff to double-check sender domains, verify with known contacts, and confirm high-value transfers through secure communication channels before processing.
The Bengaluru incident underscores the growing sophistication of cyber frauds targeting banks and financial institutions across India. Cyber experts warn that email spoofing and business email compromise (BEC) scams have surged in recent years, often leading to multi-crore losses. In such cases, attackers use forged email headers, cloned websites, and psychological manipulation to pressure employees into making unauthorized transactions.
Experts also advise institutions to adopt multi-factor verification systems, train staff to spot suspicious messages, and establish real-time fund recall mechanisms to minimize losses in case of fraud.
As online transactions grow exponentially, both organizations and individuals must stay alert. Even a minor lapse in verifying sender authenticity can lead to massive financial damage. The Bengaluru bank case serves as yet another reminder that cyber vigilance is not just an IT issue — it’s an operational necessity for every business in today’s digital age.
