Hindustan Aeronautics Limited (HAL), Kanpur, found itself as the latest victim of cyber fraud after they didn’t notice missing letter “e” in one of the email IDs and ended up losing Rs 55 lakh to cyber criminals. The fraudsters, operating with a nearly identical email ID to that of a genuine American supplier, manipulated bank details and rerouted the payment to their account. The cyber fraud, now under police investigation, has exposed vulnerabilities in high-stakes international transactions.
What happened?
HAL, a public sector aerospace and defence company, frequently imports fighter jet components from global suppliers. In 2024, the company was in negotiations with the US-based firm PS Engineering Inc for aircraft parts.
On May 3, HAL requested a quotation for three specific components. The official correspondence was conducted via the legitimate email ID, gledbetter@ps-engineering.com. However, unknown cybercriminals, who had likely been monitoring the email exchange, created a deceptive email ID with just one missing letter “e” in engineering, jlane@ps-enginering.com.
The fraudsters, posing as the vendor, provided altered bank details and convinced HAL to transfer the amount. A sum of $63,405 (Rs 55 lakh) was deposited into the wrong account before anyone realised the deception.
The fraud came to light when PS Engineering Inc informed HAL that they had not received any payment. Alarmed HAL officials reviewed their transaction details and discovered the fraudulent email ID.
Following the revelation, Additional General Manager of HAL Kanpur Ashok Kumar Singh lodged an FIR at the Cyber Police Station, setting off an official investigation.
Investigating officers suspect that the cybercriminals may have hacked HAL’s email servers or intercepted communications to execute the fraud. The police have roped in cybersecurity experts from IIT Kanpur to trace the origins of the fraudulent account and track down the perpetrators.