A multinational engineering company headquartered in Pune was defrauded to the tune of 56,000 euros or over Rs 50 lakh by way of a ‘man-in-the-middle’ cyber attack, in which the company officials fell prey to fraudulent emails.
A First Information Report in the case was filed on Tuesday at Pimpri police station, following a preliminary inquiry by the Pimpri Chinchwad Cyber Crime Cell. The cyber attack took place during an ongoing transaction between the Pune-based company and a German company over the months of August and September this year.
The ‘man-in-the-middle’ attack involves hacking of email accounts belonging to either of the parties involved in a business transaction. In these communications, the hackers get detailed information about ongoing business dealings between the involved parties and create an email account closely resembling the participant mail addresses. Through the fraudulent email, it is communicated that the original account of the other participating party is non-functional and so, the concerned deposit should be made to another account — which belongs to the hackers.
The cyber criminals in this case are suspected to have hacked into the email account of the German company and gained access to the details of communications between the two entities. According to police, the fraudsters are suspected to have created a fake mail address resembling that of the German company using which they continued communication about the financial dealing.
Officials of the Pune-based company were made to transfer 56,450 euros to a bank account belonging to the cyber criminals, as the former were made to believe that the transaction details and bank account number of the German company were changed due to technical reasons.
The complaint was registered after officials of the Pune-based company realised that they had made the transfer to a wrong bank account. The Cyber Crime Cell conducted a primary probe and referred the matter to Pimpri police station, where a criminal case was registered under the Information Technology Act and Indian Penal Code section 420 (Cheating). Senior inspector Milind Waghmare of Pimpri Police station said that they have launched a probe into the account details and email used by the cyber fraudsters.
This is not the first time a company in Pune has fallen prey to the ‘man-in-the-middle’ cyber attack. In the second half of 2019, Pimpri Chinchwad police had registered at least four cases in which companies lost thousands of dollars to cyber fraudsters. Following the same, Pimpri Chinchwad Police had issued an advisory for companies to avoid falling prey to such cyber attacks.
In October last year, the Cyber crime cell of Pimpri Chinchwad Police had facilitated the return of around Rs 50 lakh (equivalent sum in US dollars) in two separate cases, which had been transferred by two companies in the city to foreign bank accounts after falling prey to the fake emails in the same type of attack.
An officer from Pimpri Chinchwad Police said that such attacks happen when the security features of company email accounts are not updated on a regular basis and the communication between two parties happens only through this mode.
The five-point advisory issued by police last year is as follows:
-The security features of the company mail address and mailing system should be reviewed regularly and be kept updated. Digital signatures be added in email communications.
-The accounting staff from the company should be trained about various cyber frauds. It has been observed that lack of awareness among staff is a key factor when companies fall prey to such attacks.
-When a company asks to send money to a different account than the usual, the new details should be confirmed through a direct or telephonic conversation with authorised personnel.
-While dealing with business entities through the mail addresses, the authenticity of the domain names should be meticulously checked.
-In case of cheating, the Cyber Crime Cell should be immediately contacted.