Photo: Dr. Reddy’s Laboratories Headquarters – Creative Commons

In a significant case of corporate cyber fraud, Dr. Reddy’s Laboratories Ltd. has lost Rs 2.16 crore after hackers intercepted email communications and impersonated executives from Group Pharmaceuticals Ltd., diverting a payment to a fraudulent bank account. The incident, which came to light in early November 2025, underscores the increasing sophistication of cybercriminals targeting the pharmaceutical sector’s financial transactions.

The Fraudulent Scheme

The perpetrators employed an advanced email spoofing technique by creating a fake email address nearly identical to the legitimate one, differing only in capitalization—’KKeshav@Grouppharma.in’ instead of the genuine ‘kkeshav@grouppharma.in’. Using this fraudulent email, they sent payment instructions to Dr. Reddy’s finance team, requesting the transfer of Rs 2.16 crore to a Bank of Baroda account under their control.

Detection and Legal Action

Group Pharmaceuticals detected the fraud after failing to receive the expected payment and immediately filed a First Information Report (FIR) with the Bengaluru City Cyber Crime Police. The case has been registered under Sections 66(C) and 66(D) of the Information Technology Act, addressing identity theft and cheating by impersonation, alongside relevant sections of the Indian Penal Code. Authorities have traced the accused to Vadodara, Gujarat, and efforts are ongoing to freeze the fraudulent account and recover the misappropriated funds.

Cybersecurity Lessons

This case highlights the critical need for companies to implement robust cybersecurity protocols, including multi-factor authentication for financial transactions, rigorous email verification processes, and staff training to identify fraudulent communications. As cyber fraud continues to evolve in complexity, organizations must stay vigilant and proactive in safeguarding their digital and financial assets.