Mumbai : A maritime brokerage firm in Mumbai fell victim to a sophisticated cyber fraud, losing nearly ₹30 lakh after hackers altered just one letter in an email address to deceive the company.
According to police, the company’s finance head and manager received an email on August 19, 2025, that appeared to be from their long-time US-based business partner. The genuine email address was finance3@air7seas.us, but the fraudsters created a fake one — finance3@a1r7seas.us — replacing the letter “i” with the numeral “1”.
Believing the message to be legitimate, the company followed instructions in the email and transferred around ₹29 lakh to a new bank account mentioned in the message. Weeks later, on October 3, the firm discovered that their US partner had never requested a bank change or received any payment. Closer inspection revealed the subtle alteration in the sender’s email address.
The company immediately lodged a complaint with the Mumbai Pre-Zone Cyber Police, who have registered a case and launched an investigation. Officers suspect it to be a “man-in-the-middle” cyber attack, where hackers intercept or mimic communication between two trusted parties.
Expert Warning
Cyber experts have cautioned that even minor typographical changes in email addresses — such as swapping letters with similar-looking numbers — can lead to massive financial losses. Businesses are advised to verify all fund transfer requests through phone or video confirmation and implement multi-step verification processes for large transactions.
