How Escrow Accounts Shielded Biocon from a ₹6 Crore Phishing Scam

How Escrow Accounts Shielded Biocon from a ₹6 Crore Phishing Scam

Biocon's ₹6 crore phishing escape shows how escrow accounts, like those from Castler, are redefining security in corporate transactions.

Biocon's ₹6 crore phishing escape shows how escrow accounts, like those from Castler, are redefining security in corporate transactions.

Industry News

|

April 30, 2025

-

6 MINS READ

Scam, Phishing attack, escrow account, Biocon, castler

In 2023, Biocon, a prominent Indian biopharmaceutical firm, narrowly escaped a financial loss of millions of dollars thanks to a high-level phishing attack. The episode, which used a spurious email that masqueraded as an authentic message from a reputable supplier, highlights the absolute necessity of having strong security protocols in place and the utility of escrow accounts for the protection of corporate transactions.

The Incident: A Sophisticated Phishing Attack

Biocon had made purchases of pharmaceutical products from Graviti Pharmaceuticals Pvt Ltd in Hyderabad during July 2023. On August 11, Biocon received an email, apparently from Graviti Pharma, stating a change in bank account details. Assuming the email to be genuine, Biocon made a payment of $738,182 (about ₹6.1 crore) to the new account on September 14. The email was, however, a phishing attempt, and the money was routed to scammers. (Times of India)

The Escrow Account's Role

Luckily enough, the payment was made to an escrow account, which is a third-party account with no bias holding funds until conditions are fulfilled. In this scenario, the condition was the fulfillment of the successful delivery of the goods. When Graviti Pharma raised the question regarding the delayed payment, Biocon noticed the gap and complained to the Bengaluru CEN crime police on September 21. The police moved quickly, and as the funds were still kept in the escrow account, the entire amount was refunded to Biocon.

Escrow was the key in blocking and preventing the fraud from being successful. If escrow did not exist, the funds might have been transferred immediately to offshore accounts, and it would have been virtually impossible to retrieve. This episode indicates the huge benefit of keeping funds in escrow until all the conditions of the transaction, including identification confirmation and account validity, are verified.

Understanding Escrow Accounts

An escrow account is a monetary agreement in which a third party maintains and controls payment of the money needed for two parties to a particular transaction. It makes transactions safer by keeping the payment in a safe escrow account, which is only disbursed when all of the conditions of an agreement are fulfilled. Escrow is especially effective in high-value B2B transactions, real property, online marketplaces, and cross-border trade, where verification and trust are paramount.

The Significance of Escrow for Corporate Transactions

In business deals, particularly those with high amounts, escrow accounts function as a fraud protection. They provide the assurance that money is disbursed only if conditions are met as agreed, and this is done as an added protection for both parties. This is especially important in today's world where cyber threats are becoming very sophisticated.

Corporate banking frauds, such as Business Email Compromise (BEC), have increased exponentially. BEC scams have resulted in over $43 billion of losses worldwide from 2016 to 2022, the FBI says. In India, the high digital growth has opened new avenues for fraudsters, and escrow becomes even more pertinent.

The Rising Threat of Phishing Scams

Phishing attacks, in which hackers pretend to be genuine parties in order to trick people into handing over sensitive data or transferring money, are increasing in frequency. Companies need to be on guard and have solid cybersecurity measures in place to guard against such attacks. These include training employees, strong verification, and secure transaction mechanisms such as escrow accounts.

Interestingly, hackers are even using Artificial Intelligence to impersonate voices, create false invoices, and practice social engineering that leverages human trust. Escrow accounts become an essential ultimate defense mechanism in such cases.

Biocon's Strategic Cybersecurity Takeaway

The Biocon phishing case delivers a strong message to corporate India: even the best-run and technologically advanced organizations are vulnerable to social engineering fraud. Still, organizations that construct secure financial infrastructures by incorporating instruments such as escrow stand a chance in the fight against cybercrime.

Biocon's prudence in employing an escrow mechanism became pivotal. It reflects a best practice other Indian businesses should adopt, especially when dealing with third-party suppliers, foreign payments, and large-value settlements.

How Castler can Help

Castler, India's premier escrow infrastructure platform, is specifically designed to assist businesses like Biocon to shield themselves from such weaknesses. Castler offers:

  • Bank-Integrated Escrow Accounts: Supported by India's leading banks, ensuring compliance, credibility, and real-time fund flow monitoring.

  • Online KYC & Consent Management: Authenticates vendors and beneficiaries, minimizing misdirected payment risk.

  • Intelligent Fund Release Mechanisms: Release conditions can be automated on the basis of proof of delivery, signing of documents, or third-party confirmations.

  • Fraud Monitoring & Alerts: AI-based monitoring for identifying discrepancies in beneficiary information or payment patterns.

  • Audit Trails: Open records of all actions carried out within the escrow account, facilitating compliance and investigations.

Castler's solution may be integrated with ERPs and corporate treasury systems, without causing friction in the workflows and compromising on security at the cost of convenience.

Outside Biocon: Wider Use of Escrow in Cybersecurity

Biocon is not an isolated case. In industries ranging from fintech to real estate, logistics to gaming, firms are using escrow to protect against digital payment risks. For instance:

  • In Fintech, escrow safeguards lender and borrower identities in P2P lending.

  • In Gaming, platforms may escrow funds while authenticating user identity to guarantee compliance and avoid bot-based fraud.

  • In LegalTech, contract money and confidential information can be placed in escrow until arbitration is complete.

Conclusion: Trust by Design

The Biocon episode is a stark reminder of the vulnerabilities of businesses in the era of digital technology. Adopting secure transaction practices, such as escrow accounts, is crucial in averting risks from cyber frauds. Services such as Castler enable the infrastructure necessary to ensure that business transactions are carried out in a secure, transparent, and compliance-based manner.

As India fast-forwards to a digitally empowered economy, the power to perform secure and reliable transactions will determine the champions. Escrow is not merely about keeping money—it's about keeping trust. Castler makes sure that this trust is never breached.

Written By

Chhalak Pathak

Marketing Manager

India's Largest Escrow-as-a-Service Platform

Escrow account services are complex but Castler's modular, flexible & full stack solution makes it simple for you.

Castler automates the Escrow account management and improves the user experience for managing payments and settlements. By leveraging technology to streamline these transactions, Castler makes the process more efficient, secure and convenient for its users

India's Leading Escrow Company.

Escrow Banking

Investment Escrow

Marketplace

Lending escrow

Fintech escrow

Mergers & acquisition

Regulator mandated escrow

Profit sharing

Franchisor-Franchisee

Dealer-Distributor

Dispute resolution

Litigation escrow

Liquidation

Copyright @2025 Castler (Ncome Tech Solutions Pvt. Ltd.) All rights reserved | Made in India 🇮🇳

India's Largest Escrow-as-a-Service Platform

Escrow account services are complex but Castler's modular, flexible & full stack solution makes it simple for you.

Castler automates the Escrow account management and improves the user experience for managing payments and settlements. By leveraging technology to streamline these transactions, Castler makes the process more efficient, secure and convenient for its users

India's Leading Escrow Company.

Escrow Banking

Investment Escrow

Marketplace

Lending escrow

Fintech escrow

Mergers & acquisition

Regulator mandated escrow

Profit sharing

Franchisor-Franchisee

Dealer-Distributor

Dispute resolution

Litigation escrow

Liquidation

Copyright @2024 Castler. All rights reserved. Made in India 🇮🇳

India's Largest Escrow-as-a-Service Platform

Escrow account services are complex but Castler's modular, flexible & full stack solution makes it simple for you.

Castler automates the Escrow account management and improves the user experience for managing payments and settlements. By leveraging technology to streamline these transactions, Castler makes the process more efficient, secure and convenient for its users

India's Leading Escrow Company.

Escrow Banking

Investment Escrow

Marketplace

Lending escrow

Fintech escrow

Mergers & acquisition

Regulator mandated escrow

Profit sharing

Franchisor-Franchisee

Dealer-Distributor

Dispute resolution

Litigation escrow

Liquidation

Copyright @2024 Castler. All rights reserved. Made in India 🇮🇳