Mumbai: Food firm loses Rs 14 lakh to fake airline contract

A Mumbai-based businessman allegedly fell prey to a sophisticated man-in-the-middle (MITM) cyber fraud, losing approximately Rs 14 lakh to a fake airline contract renewal scheme. The complainant, who owns a food production company, was contacted via email by someone posing as an Emirates representative and was asked to pay a “mandatory registration refundable deposit” of $16,200.

This particular incident of fraud took place in February. According to the complainant, their food production company provides catering services to various airlines and is a well-known name in both the wholesale and retail sweets business. The complainant, who is the company’s director, approached the police in the last week of March. Speaking extensively with mid-day, he detailed how the scheme unfolded.

“We were an old supplier to Emirates in Dubai, UAE. The scamster posed as an Emirates Flight Catering employee and sent us documents for vendor registration, along with a request for a refundable fee to supply sweets and snacks to the company. Since we are old suppliers to them, we shared our company details for registration. However, in the first week of March, we discovered that the employee we had been communicating with—Abdullah Mansoor—did not exist,” said the complainant, adding that the alleged fraudster had impersonated F Masoor from the procurement department.

“Nobody would be able to tell the difference between the real and the fake. Even my employees and I, who have dealt with the real F Masoor, couldn`t detect that we were dealing with an impersonator,” he added.

As per the vendor registration policy, the victim’s company was asked to $16,200 as a 100 per cent refundable vendor registration fee to be eligible for tenders and supply requirements.

During the course of the ‘deal,’ the scamster provided all the necessary documents, including terms of trade, a vendor agreement printed on The Emirates Group letterhead, and an official-looking Emirates stamp with a legitimate address. Believing the documents to be authentic, the victim’s company transferred the money through an internal bank transfer via SWIFT—a global banking system used for secure cross-border and interbank transactions.

After receiving the money, the scamster demanded an additional payment of AED 300,000. However, the complainant refused to comply. The fraud came to light when the complainant contacted an Emirates Flight Catering representative, only to learn that no employee named Abdullah Mansoor existed in their team. The representative also revealed that similar fraud cases had occurred in Dubai, using the same modus operandi.

Along with the Mumbai police’s cyber cell, the complainant and his team coordinated with the Dubai Police and Interpol to seek clarity and assistance. “We had multiple communications with the banks, the police, and Interpol, and the cyber police here stood strongly with us, swiftly assisting at every step,” said the complainant.

He added, “We were cheated as the international transfer was processed through the bank via SWIFT to an IBAN (International Bank Account Number), which we later discovered, through the bank, belonged to a person named Bibek Kumar Loniya. However, there were no funds left in the account, as the money we sent had already been withdrawn. Our bank and the police have informed Emirates NBD Bank about the fraud, and they have marked a lien on the account.”

The victim’s complaint was registered as a First Information Report (FIR) on March 28, and the Mumbai police’s cyber cell has launched a formal investigation. “This is a case of MITM/MIM attacks, wherein hackers intercept and manipulate communication between legitimate parties. Business owners are advised to verify contract-related emails through official channels and exercise caution when processing large payments,” said a police official.

Rs 69lakh
Addl. amount fraudster tried to extract from victim

What is an MITM attack?

A man-in-the-middle (MITM) attack is a form of cybercrime wherein an attacker secretly intercepts and potentially alters communication between two parties, making them believe they are directly interacting with each other. This type of attack is especially common in email-based financial transactions, where fraudsters manipulate payment details to redirect funds into their own accounts. The attacker can access and alter the data and also inject malicious code.

Recent MITM incidents in Mumbai

December 2024: Cyber fraudsters compromised the email accounts of two senior executives at an Andheri-based chemical manufacturing company. By impersonating them, the fraudsters instructed an Egypt-based client to transfer $153,600 (approximately R1.33 crore) to a fraudulent bank account.

March 2024: A Tardeo-based school fell prey to an MITM attack after a fraudster, masquerading as a contractor, sent emails requesting payment for a cafeteria project. Unaware of the scam, the school transferred Rs 87.3 lakh to a bogus account. Fortunately, due to timely intervention by the cyber police, the fraudulent bank account was frozen, leading to the recovery of Rs 82.6 lakh.