Capillary Technologies hit by cyber fraud, ₹33 Crore Siphoned off by suspected 'boss scam'
AI is becoming a major nightmare in the world of Digital Trust & Cyber Safety. If a BSE listed firm can be a victim to this attack, it raises a serious alarm for Indian corporates.
Bengaluru, July 6, 2026, In a terrifying display of how artificial intelligence has become the ultimate weapon for financial criminals, Capillary Technologies India Limited has revealed that one of its recently acquired overseas step-down subsidiaries fell victim to a highly sophisticated cyber-enabled banking fraud.
Fraudsters used advanced deepfake technologies, including voice cloning, signature forging, and social engineering, to impersonate Key Managerial Personnel (KMPs) and fraudulently transfer approximately EUR 3 million (around ₹32.7 crore at current exchange rates of ~₹109 per EUR).
The disclosure, filed today with BSE and NSE under Regulation 30, describes a chilling “weekend heist” that relied on “very advanced deep-fake methodologies” to bypass controls and move funds to unauthorised third-party accounts.
The company acted with lightning speed upon discovery, recovering EUR 0.45 million (approximately ₹4.9 crore) and tracing additional funds, which banks have now placed on hold, significantly reducing the amount at risk.
The exact quantum still frozen is yet to be confirmed.
How the Fraud Unfolded: Deepfakes Meet Corporate Trust
According to the company’s filing, the attackers did not rely on crude phishing or simple email compromise.
Instead, they deployed cutting-edge AI tools to clone voices and forge signatures, impersonating senior executives with “terrifying precision” to authorise the wire transfers.
The incident occurred just before the weekend, forcing the company to prioritise immediate containment, engaging banks, law-enforcement agencies, and cybercrime authorities, over instant disclosure.
The subsidiary is covered under a cyber and crime insurance policy; the insurer has been notified, and the company is assessing coverage and net financial impact.
Crucially, Capillary has stated there is no evidence of any compromise to customer data, employee data, or the company’s technology infrastructure.
Business operations continue normally, and the company sees no need to revise its annual or long-term goals.
Possible Link to the ‘Boss Scam’ Wave? A Strong Caveat
This incident bears striking similarities to the “Boss Scam” (also called CEO impersonation fraud) that has exploded across Indian companies in recent months.
In these attacks, fraudsters often hijack executives’ WhatsApp accounts by tricking them (or their teams) into opening malicious ZIP files containing .exe and .dll malware.
Once installed, the malware steals WhatsApp Web session tokens, allowing criminals to send urgent payment instructions from the executive’s own verified account, sometimes backed by AI voice clones or deepfake video calls to “confirm” the transfer.
Recent advisories from the Indian Cyber Crime Coordination Centre (I4C) and state police forces have specifically warned about this exact combination: social engineering + malware-laden attachments + deepfake voice/video impersonation for large fund transfers.
The ongoing investigation by law-enforcement and cybercrime authorities will determine the precise attack chain.
Company’s Swift Response and Regulatory Disclosure
In its letter to the exchanges, Capillary emphasised that protecting funds was the immediate priority.
The company undertook “all necessary and time-sensitive actions” over the weekend and is extending full cooperation to investigators.
It has also sought the forbearance of the stock exchanges for the slight delay in disclosure, explaining that operational recovery efforts took precedence.
The matter remains under active investigation.
The company has pledged to provide material updates in line with SEBI Listing Regulations.
A Wake-Up Call for Corporate India
This case is a stark reminder that even listed companies with robust systems are vulnerable when AI deepfakes collide with human trust and social engineering.
Traditional controls, email verification, single approvals, or even basic voice calls, are no longer enough against cloned voices that sound identical to the real CFO or CEO.
Capillary Technologies India Limited (BSE: 544614 | NSE: CAPILLARY), a Bengaluru-headquartered retail technology and customer engagement platform, has handled the crisis with transparency by promptly informing investors and regulators.
As the investigation unfolds, one thing is clear: the era of AI-powered corporate heists has arrived.
Companies must urgently adopt multi-level out-of-band verifications, video call confirmations with known visual cues, and strict “two-approver” rules for large transfers, because the next deepfake call could already be on its way.