Hindustan Aeronautics Limited (HAL), one of India’s leading defence and aerospace manufacturers, suffered a cyber fraud amounting to Rs 55 lakh after scammers impersonated a US-based supplier and altered an email address to deceive the company.

Fraud Discovered After Payment Sent to Wrong Account

The scam was uncovered when HAL realised that a payment made for aircraft parts had not reached the intended recipient. According to a report by Mint, the cybercriminals manipulated HAL’s Kanpur branch into believing they were corresponding with PS Engineering Inc., a legitimate US-based supplier.

The deception was based on a subtle but critical alteration in the email address. The original email ID, gledbetter@ps-engineering.com, was modified by the scammers to jlane@ps-enginering.com, omitting one of the two 'e' letters in the word 'engineering.'

How the Scam Unfolded

In May 2024, HAL initiated a purchase of aircraft parts from PS Engineering Inc. Unbeknownst to the company, cybercriminals were likely monitoring their communications. At a later stage, the fraudsters sent a fraudulent email requesting payment of $63,405 (approximately Rs 55 lakh). Believing the request to be genuine, HAL proceeded with the payment, which was then routed to the scammers' account instead of the real supplier.

The fraud came to light only when PS Engineering Inc. reached out to HAL, informing them that they had not received the payment. A subsequent internal review at HAL confirmed that the email ID used for the transaction was fraudulent.

Authorities Investigate the Cybercrime

Following the discovery of the fraud, Ashok Kumar Singh, Additional General Manager at HAL Kanpur, lodged an official complaint with the Cyber Police on March 13. Authorities are now investigating whether the scam originated from another US-based company or an Indian cybercrime group.

Deputy Commissioner of Police (DCP) Crime, Anjali Vishwakarma, confirmed the nature of the scam to NDTV, stating that the fraud resulted from a seemingly minor but significant alteration in the email address. “Somewhere in the middle, the proper email was replaced with a fake one. The only difference was the missing letter ‘e’,” she explained.

The cyber fraud targeting HAL underscores the growing threats of email-based scams and financial deception in corporate transactions. The incident highlights the need for stringent cybersecurity measures, including enhanced email verification protocols and multi-level authentication for financial transactions. As the investigation continues, authorities are working to identify those responsible and prevent similar attacks in the future.