An electronics company in Andheri east has been allegedly duped of Rs 7 lakh in a cyber fraud using email spoofing. A first information report (FIR) was registered at the MIDC police station on May 7 based on the complaint of the 51-year-old accountant of the company.
According to the complaint, the company gets supplies from another company, based in Gujarat. In February, it received an email purportedly sent by the Gujarat-based company asking it to send pending dues of Rs 7 lakh to a new account saying there was some issues with the old bank account.
The complainant said that he replied to the email saying he wanted them to send a cancelled cheque issued in the name of the company. The accused allegedly forged a cancelled cheque in the name of the Gujarat-based company and sent the complainant a scanned copy by email. The complainant ended up believing it was true and updated the bank account in February, the complaint said.
On May 2, the complainant made the payment of Rs 7 lakh and a representative from his company called up the Gujarat company to ask if the payment was received. When the complainant’s company was informed that no payment had been received and they never sent any emails to change the bank account, the complainant realised that he had been cheated and approached the police.
What is email spoofing?
Email spoofing is a technique used by cyber fraudsters where they send emails with a forged sender address and trick the recipient into believing someone known to them, like their client or business partners, has sent them an email. The technique is used for hacking your account, sending malware or tricking you into sending money.
1. Always make a phone call to your client when you see a change in the bank account number.
2. Make a mandatory phone call or SMS to cross check the credentials of the email before making monetary transactions.
3. Apprise all employees on attacks like email spoofing and man in the middle attack so they can check the emails properly and also make a phone call before making a transaction to a new bank account.
4. Never put the email id on a website which is being used by you for money transactions. Use a confidential email id for money transactions.
5. Install a good security system.
6. Do not click on URLs sent in emails from strangers luring you with some or another offer.