Major Pharmaceutical Company Falls Victim to Elaborate Cyber Fraud
In a sophisticated cyber attack that highlights growing digital security concerns, Dr Reddy's Laboratories Ltd has suffered a significant financial loss of ₹2.16 crore to hackers who impersonated a vendor executive. The incident came to light through an FIR filed with the Bengaluru City Cyber Crime Police on November 5, as reported by Moneycontrol.
The Elaborate Email Spoofing Scheme
The fraud unfolded when cyber criminals successfully hacked into email communications between Dr Reddy's and Group Pharmaceuticals Ltd. According to the complaint filed by Mahesh Babu K from Group Pharmaceuticals, his company was expecting a legitimate payment of ₹2.16 crore from Dr Reddy's for goods supplied.
The scammers executed a classic email spoofing attack by creating an address that closely resembled the official Group Pharmaceuticals email. They used 'KKeshav@Grouppharma.in' instead of the legitimate 'kkeshav@grouppharma.in' - a subtle difference that went unnoticed by the finance team.
Posing as the vendor, the fraudsters instructed Dr Reddy's finance department to transfer the payment to a different Bank of Baroda account. Believing the email to be genuine, the officials processed the transaction to the fraudulent account.
Legal Action and Investigation Progress
Upon discovering the fraudulent transaction, Group Pharmaceuticals immediately contacted law enforcement authorities. The company sought police intervention to freeze the funds in the fake account and initiate recovery proceedings.
The investigation has revealed that the primary accused is based in Vadodara, Gujarat. Law enforcement agencies have registered the case under Sections 66(C) and 66(D) of the Information Technology Act, which deal with identity theft and cheating by impersonation using computer resources.
Additional charges have been filed under relevant provisions of the Bharatiya Nyaya Sanhita. The cyber crime unit has launched a comprehensive probe into the matter, though no arrests have been reported yet.
Alarming Rise of Cyber Frauds in India
This incident adds to the growing list of sophisticated cyber fraud cases affecting both corporations and individuals across India. Recent statistics from the Ministry of Home Affairs paint a concerning picture of the digital security landscape.
According to parliamentary disclosures made in July, Indians lost more than ₹22,000 crore to online scams last year alone. The National Cyber Crime Reporting Portal had registered cyber frauds worth ₹36.45 lakh as of February 28, 2025.
Government authorities have identified several emerging threat patterns:
- Email spoofing where criminals impersonate trusted sources
- Phishing attacks that trick victims into revealing sensitive information
- AI-powered deepfakes creating convincing fraudulent content
The Information Technology Act, 2000 continues to serve as the foundation of India's cyber law framework, addressing critical offenses including identity theft, impersonation, and cheating through digital means.
This case against Dr Reddy's Laboratories underscores the urgent need for enhanced cybersecurity protocols and employee training programs, particularly in financial departments handling large transactions.
