Pune Local

Pune: Approx. 24k Euros Loss In Cyber Fraud Due To Change Of A Letter In The Email Address

24k euros loss in cyber fraud because of change in email address.

In today’s digital age, where communication and transactions heavily rely on email exchanges, cyber fraud has become a grave concern for businesses worldwide. A recent incident involving a Pune-based engineering supplies firm highlights the devastating consequences that can result from a simple change of a letter in an email address. This article aims to shed light on the incident, examine the modus operandi of such cyber attacks, and provide comprehensive guidance on essential measures to safeguard your business against similar threats.

The costly mistake: a lesson learned

Earlier this year, a Pune-based firm fell victim to a suspected “man-in-the-middle” cyber attack, resulting in a loss of over 24,000 Euros (approximately more than Rs 22 lakh). The attack capitalized on a minute discrepancy—a single letter—between the email address of a sales manager from a French company and that of the cyber criminals. Exploiting this seemingly inconspicuous difference, the fraudsters tricked the Pune-based firm into depositing the funds into an alleged fraudulent Portuguese bank account, rather than the intended account in a Paris-headquartered bank.

The sequence of events unfolded over the course of several months, starting from January and lasting until March. The Pune-based firm, engaged in supplying engineering equipment to Indian companies in the mining, construction, and manufacturing sectors, placed an order exceeding 51,000 Euros. The order was sent to the email address of a sales manager from the French company, with whom they had a longstanding business relationship. In response, the French company provided a pro-forma invoice as an acknowledgment.

Shortly after, the Pune-based firm received an email claiming that their usual bank account and SWIFT (Society for Worldwide Interbank Financial Telecommunication) code were inaccessible. The message instructed them to make the payment to a new account held by a Lisbon-based bank. Trusting the authenticity of the communication, the executives of the Pune-based firm advanced 24,589 Euros to the new account. However, when they later contacted the French company regarding the equipment shipment, it became evident that the payment had not been received. Upon reviewing the previous correspondence, they discovered that the email notifying the change in the bank account had originated from a fraudulent address, differing from the legitimate French entity’s email address by only one letter—an ‘a’ instead of an ‘e.’

Unmasking the man-in-the-middle attack

To better comprehend the modus operandi employed by cyber criminals in this “man-in-the-middle” attack, it is crucial to understand the underlying techniques they employ. The initial step involves hacking the email accounts of the entities engaged in the business transaction. By gaining unauthorized access to these accounts, the criminals obtain crucial details regarding ongoing dealings and orders. Subsequently, they create a counterfeit email account closely resembling that of one of the legitimate participants. Using the gathered information, the fraudsters initiate communication from the fake account, gaining the trust of their targets.

Once trust is established, the cyber criminals exploit their position to misdirect payments. In the case discussed here, they employed the fraudulent email address to communicate the non-functionality of the original bank account and to provide details of an alternative account under their control. Unsuspecting victims, lacking awareness of the ongoing fraud, unwittingly deposit funds into the hacker’s account.

Safeguarding your business: best practices for cyber hygiene

To fortify your business against such cyber fraud and mitigate the risks associated with man-in-the-middle attacks, it is imperative to implement robust security measures and cultivate cyber hygiene among your employees. Consider the following essential guidelines:

Regularly review security features

  • Periodically review and update the security features of your email accounts and mailing systems to ensure they are fortified against potential vulnerabilities. Regular software updates, patches, and strong encryption protocols should be maintained.

Deploy digital signatures

  • Incorporate digital signatures in your email communications as an additional layer of authentication. Digital signatures help verify the integrity of the sender and establish trust between the communicating parties.

Educate staff on cyber etiquettes and hygiene

  • Provide comprehensive training to your employees regarding cyber etiquettes, best practices, and potential fraud risks. By cultivating a culture of cyber awareness, your staff will be better equipped to identify and respond to suspicious activities, ultimately strengthening your organization’s security posture.

Verify changes in banking details

  • When receiving notifications of changes in banking details, exercise caution and adopt stringent verification procedures. Confirm the new account information through direct communication or telephonic conversation with authorized personnel. Never solely rely on email correspondence for critical financial matters.

Scrutinize domain names

  • When dealing with business entities via email, diligently scrutinize the authenticity of domain names. Verify that the domain corresponds precisely with the legitimate company’s name and cross-reference it with their official website or known contact information.

Promptly report suspected fraud

  • In the unfortunate event of falling victim to cyber fraud or suspecting fraudulent activity, promptly report the incident to your organization’s cybercrime cell or local law enforcement authorities. Immediate action within 48 hours can significantly increase the chances of apprehending the criminals and recovering any potential losses.

Implementing these cybersecurity measures will help fortify your business against man-in-the-middle attacks and similar cyber fraud schemes. By cultivating a proactive approach to cyber hygiene and investing in robust security measures, you can safeguard your business’s financial transactions and protect the integrity of your organization’s reputation.

Remember, cybercrime prevention is a continuous effort that requires vigilance, adaptability, and staying up-to-date with emerging threats. By embracing these cybersecurity practices, you can mitigate risks, enhance your business’s resilience, and ensure a secure digital future.


What's your reaction?

Leave A Reply

Your email address will not be published. Required fields are marked *