SOURCE: AFI
In a stark reminder of the growing menace of cybercrime, Hindustan Aeronautics Limited (HAL), one of India’s premier aerospace and defense companies, has been duped of $63,000 (approximately Rs 55 lakh) in an online scam. The incident, which unfolded during a procurement deal with a US-based company, has prompted HAL to lodge a police complaint, and a case has been registered under the Information Technology (IT) Act.
The scam came to light after HAL’s Kanpur division initiated a transaction to purchase three fighter aircraft parts from PS Engineering Incorporated, a US-based firm, in May 2024. What began as a legitimate business exchange took a sinister turn when a fraudulent email ID infiltrated the communication chain, leading to the siphoning of funds into a fake account.
According to HAL Kanpur’s Additional General Manager, Ashok Kumar Singh, who filed the police complaint on March 13, the company had initially engaged in discussions with PS Engineering Incorporated using a legitimate email address. However, at some point during the email correspondence, a fake email ID replaced the authentic one. The difference between the two email addresses was subtle yet catastrophic—a single missing letter ‘e’—which went unnoticed by HAL’s team.
“HAL got in touch with a US company, PS Engineering Incorporated, to buy aircraft parts. When the talks began, there was a legitimate email ID. Somewhere in the middle, the proper email was replaced with a fake one,” explained Deputy Commissioner of Police (DCP) Crime, Anjali Vishwakarma. “Due to this mistake being overlooked, HAL made the payment into a wrong account, which was not the account of the proper vendor.”
The fraudulent email, though nearly identical to the original, directed HAL to transfer the payment of $63,000 to a bank account controlled by the scammers. It was only when the legitimate vendor, PS Engineering Incorporated, raised concerns about non-payment that HAL realized it had been deceived. By then, the money had already been siphoned off into the fraudster’s account.
The incident falls under the category of Business Email Compromise (BEC), a type of cybercrime where scammers impersonate legitimate entities to trick organizations into transferring money or sensitive information. BEC scams often exploit human error and rely on subtle manipulations, such as slightly altered email addresses or domains, to deceive their targets. In HAL’s case, the missing ‘e’ in the email address proved to be the Achilles’ heel that cost the company dearly.
“When the vendor said that he did not receive any payment, then this fraud came into limelight. In this, HAL has paid approximately $63,000, i.e., Rs 55 lakh, into a fraudulent account,” DCP Vishwakarma added.
Following the discovery of the scam, HAL promptly reported the matter to the authorities. A formal complaint was lodged by Ashok Kumar Singh at the Kanpur police station, leading to the registration of a case under the IT Act. The police have launched an investigation to trace the fraudulent account and identify the perpetrators behind the scam. However, recovering the lost funds in such cases often proves challenging, as cybercriminals frequently operate across borders and use sophisticated methods to cover their tracks.
NOTE: AFI is a proud outsourced content creator partner of IDRW.ORG. All content created by AFI is the sole property of AFI and is protected by copyright. AFI takes copyright infringement seriously and will pursue all legal options available to protect its content.