Overview

Alkem Laboratories, a leading Indian pharmaceutical giant, has fallen victim to a sophisticated cyber fraud, losing approximately ₹22.31 crore. The attack, which leveraged Business Email Compromise (BEC), deceived Alkem’s treasury manager into transferring funds to a fraudulent bank account. The incident highlights the growing cybersecurity threats in the corporate sector, particularly in finance-related communications.

What Happened?

According to reports, the cyber fraud unfolded between October and November 2023. The attackers impersonated senior officials from Ascend Laboratories, Alkem's U.S.-based subsidiary, and manipulated email conversations to convince the company to process a large payment.

Key Timeline of Events:

• October 27, 2023: Alkem’s Mumbai office received an email seemingly from Amit Ghare, Head of International Operations at Ascend Laboratories, requesting a refund due to excessive tax deductions.

• November 17, 2023: Another email, allegedly from Mary Smith, Ascend’s accounting manager, provided details of a U.S.-based bank account where the refund should be sent.

• Shortly After: Alkem’s treasury manager, Manoj Mishra, proceeded to transfer ₹51.30 crore via SWIFT, believing it was a legitimate request.

• November 15, 2023: A follow-up email requesting an additional ₹90 crore raised red flags. Upon verification, Alkem officials discovered that the previous emails were fraudulent.

How the Attack Happened?

The cybercriminals compromised email accounts and used domain spoofing techniques to impersonate Alkem’s U.S. subsidiary executives. The emails appeared legitimate, leading the treasury manager to approve and process the transaction.

By the time the fraud was uncovered, U.S. law enforcement had managed to seize ₹28.98 crore, which was subsequently refunded to Alkem. However, the remaining ₹22.31 crore was lost.

Investigation and Response

Alkem Laboratories immediately reported the fraud to authorities. Law enforcement agencies are conducting an ongoing investigation to track down the perpetrators. The company has also implemented enhanced cybersecurity measures to prevent similar incidents in the future.

Key Takeaways for Businesses

1. Verify Financial Transactions: Always double-check large payment requests, especially those involving changes in bank account details.

2. Use Multi-Factor Authentication (MFA): Protect email accounts with MFA to prevent unauthorized access.

3. Employee Cyber Awareness Training: Train employees to identify and report phishing and BEC scams.

4. Implement Strict Payment Authorization Protocols: Introduce multi-step verification for high-value transactions.

5. Monitor Email Security: Use email security solutions to detect spoofing and phishing attempts.

Final Thoughts

This case serves as a critical warning for businesses handling large financial transactions via email. BEC attacks continue to rise, and companies must proactively enhance their cybersecurity defenses to avoid falling victim to similar schemes.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.