A cyber fraud involving malicious zip files and impersonation tactics has left two companies poorer by nearly Rs 3.5 crore. The scam, which combined malware deployment with social engineering, allowed fraudsters to gain access to employees' mobile phones, manipulate contact lists and pose as senior company officials to authorise large fund transfers.

According to a report by TOI, the fraudsters targeted accountants at two separate firms and tricked them into transferring a combined Rs 3.48 crore to bank accounts controlled by the scammers.

How Did the New 'Zip File' Scam Work?

The fraud began with a seemingly harmless zip file sent from an unknown mobile number. Once the recipient opened the file, the fraudster reportedly gained remote access to the employee's phone. The attacker then altered the contact list by blocking the real company executive's number and replacing it with a number controlled by the scammer.

Using WhatsApp, the fraudster impersonated the company head and issued urgent instructions to transfer large sums of money.

Because the messages appeared to come from trusted senior officials, the employees complied without suspecting foul play.

Aluminium Trading Firm Loses Rs 1.98 Crore

The first incident involved an aluminium supplying and trading company.

According to TOI, the firm's accountant received a malicious zip file on June 11. After opening it, she unknowingly allowed the attacker to access her phone.

The fraudster allegedly blocked the managing director's real number and saved his own number under the MD's name. Posing as the company's chief executive through WhatsApp messages, the scammer instructed the accountant to urgently transfer Rs 1.98 crore to a bank account in Gurugram.

Believing the request was genuine, the accountant directed a subordinate to complete the transaction between June 11 and June 15.

The fraud was discovered later, following which the company approached the cyber police. Authorities managed to freeze Rs 87.04 lakh of the transferred amount, according to the report.

Jewellery Design Firm Duped of Rs 1.5 Crore

In a strikingly similar case, a luxury gold jewellery design company lost Rs 1.5 crore.

The fraudster reportedly targeted a junior accountant using the same zip-file tactic. Once access to the mobile device was obtained, the scammer blocked the director's actual phone number and replaced it with another number saved under the director's name.

The fake director then instructed the employee through WhatsApp to transfer Rs 1.5 crore to a bank account belonging to a garments trader based in Ghaziabad.

The junior accountant consulted a senior colleague, and both believed the instructions had come directly from company leadership. The transfer was carried out between June 12 and June 16.

Cybersecurity Expert Warns Businesses

Cybersecurity experts have warned that such attacks could have far-reaching consequences beyond financial losses.

As quoted by TOI, cybersecurity expert Nikhil Mahadeshwar said that while these attacks targeted mobile phones, similar malicious files could also infect desktop computers and laptops, potentially causing significant damage to businesses.

He stressed the importance of deploying advanced security systems capable of detecting, investigating and containing cyberattacks before they spread through an organisation.

Police Launch Awareness Campaign

Following the incidents, the cyber police have stepped up efforts to educate businesses about emerging fraud techniques.

According to TOI, a recent awareness session led by DCP Bajrang Bansode focused on impersonation scams, cyber hygiene and preventive measures that companies can adopt to protect themselves from similar attacks.

Officials urged businesses to verify financial instructions through multiple channels, particularly when large sums of money are involved.

How Can Businesses Protect Themselves?

Cybersecurity professionals recommend several precautions to reduce the risk of such attacks:

- Avoid opening zip files or attachments from unknown numbers or sources.
- Verify urgent payment requests through a direct phone call or in-person confirmation.
- Enable security software on company devices.
- Conduct regular cybersecurity awareness training for employees.
- Review and monitor unusual changes to contacts, messages and device settings.
- Report suspicious activity immediately to cybercrime authorities.

Why This Scam Is Particularly Dangerous

Unlike traditional phishing scams, this fraud relies on both technology and trust. By taking control of a victim's device and impersonating senior management, fraudsters create a convincing illusion that makes employees more likely to comply.

Inputs from TOI