Background and Timeline: In a historic success for Indian cyber policing, the Bengaluru Cyber Crime Police recovered 100% of a ₹2.16 crore defrauded amount on January 5, 2026. The crime took place on November 4, 2025, involving an international email spoofing attack targeting Dr. Reddy’s Laboratories. A formal complaint was lodged on November 15 by Group Pharmaceuticals, a partner firm whose identity had been stolen, triggering a fast-track judicial process for fund restoration.   

Modus Operandi: Fraudsters operating from Nigeria gained unauthorized access to business communications and spoofed the official email ID of Keshava Group Pharmaceuticals (kkeshava@grouppharma.in). They sent a deceptive payment request to Dr. Reddy’s Laboratories, sharing fake bank details for what appeared to be a routine commercial transaction. The spoofed email closely mimicked the genuine domain and linguistic style of the partner firm, successfully misleading the accounts team into making the massive transfer.   

Victims and Financial Impact: The primary financial victim was Hyderabad-based pharmaceutical major Dr. Reddy’s Laboratories, which transferred exactly ₹2.16 crore to a fraudulent account. The amount was siphoned in phases into a mule account at a Bank of Baroda branch in Ahmedabad, Gujarat. This case represents the first instance in the country where a multi-crore defrauded sum was fully recovered and returned to the victim company via court order.   

Investigation and Agencies Involved: The Bengaluru Cyber Crime Police Station (CCB) initiated action within the “Golden Hour” after the firm’s accountant noticed the discrepancy within minutes. DCP (Crime-2) Raja Imam Kasim P and Commissioner Seemant Kumar Singh coordinated with the Ahmedabad bank to freeze the account before the money was moved. Technical analysis confirmed the spoofed email originated from a Nigerian IP address, establishing the international nature of the syndicate.   

Arrests and Suspects: While the Nigerian masterminds remain at large, the Gujarat-based mule account was found to be held by a consultancy firm operated by a 57-year-old woman named Dakshya Ben Patel. Preliminary findings suggest that the 65-year-old woman whose ID was used may have been used as a conduit without her full knowledge. Police are continuing efforts to identify the domestic facilitators who provided the technical infrastructure for the spoofing operation.   

Broader Implications and Trends: Commissioner Singh cited this as a classic example of how reporting cybercrimes within the “Golden Hour” is the only effective defense against international siphoning. The case has prompted an advisory for corporate entities to implement multi-layer approval mechanisms and strict domain authentication checks for high-value transactions. It also highlights the persistent threat of Nigerian syndicates targeting large Indian firms using highly specialized social engineering.