‘Man-in-the-Middle’ Cyber Heist: How Change Of One Letter Cost Pune Engineering Firm Rs 22 Lakh

PUNE: In a suspected case of a ‘man-in-the-middle’ cyber attack, a Pune-based engineering supplies firm has suffered a substantial financial loss of more than 24,000 Euros (approximately more than Rs 22 lakh).

According to the Pune City police, the cybercriminals exploited a minute difference in the email address of a French company’s sales manager to deceive the Pune-based firm. The incident occurred earlier this year, and the police have initiated a thorough investigation to uncover the extent of the cyber fraud.

ALSO READ: Looking For Nodal Officers Of Banks, Telecoms, Social Media? Click The Link Here To Fetch Numbers – Details Inside

The Sequence of Events Unfolded

The Founder and CEO of the Pune-based engineering supplies firm, which caters to Indian companies in the mining, construction, and manufacturing sectors, lodged an FIR with the Wanawadi police station last week.

The probe conducted by the police has revealed that the alleged ‘man-in-the-middle’ attack took place over a span between January and March of this year.

According to cyber investigators, the Pune-based company had placed an order worth more than 51,000 euros with a French engineering major in January. The order was sent to the email address of the sales manager of the French company, with whom the Pune-based firm had maintained a longstanding business relationship.

Deceptive Communication and Payment

The French company promptly responded to the order with a pro-forma invoice as an acknowledgment. However, a few days later, the Pune-based firm received an email claiming that their regular bank account and SWIFT code with the Paris-headquartered bank were unavailable. The email instructed the firm to make the payment to a new account held by a Lisbon-based bank.

Trusting the communication and unaware of the deception, the executives of the Pune-based firm transferred an advance payment of 24,589 euros to the fraudulent account in Lisbon. Weeks later, when inquiring about the shipment status of the equipment, the Pune-based company was informed by the French entity that they were still awaiting payment. This raised suspicions, leading the firm to review the previous communication in detail.

ALSO READ: Victim Of A Cyber Attack? Now Dial 1930 & 155260 To Register Complaint And Get Your Money Back

Unraveling the Fraud

Upon closer examination, it was discovered that the email informing the change in bank account details had originated from a fraudulent email address that differed from the legitimate address by just one letter — “a” instead of “e”. Realizing the cybercrime that had befallen them, the Pune-based company approached the Pune City police to file a formal complaint.

ALSO READ: Step By Step Guide: How To File Cybercrime Complaint Online In India

Insight into ‘Man-in-the-Middle’ Attacks

Investigators from the Pune City police shed light on the modus operandi of such ‘man-in-the-middle’ cyber attacks. The criminals initiate the attack by hacking into the email accounts of entities involved in business transactions. Once they gain access, they carefully study the ongoing dealings and orders. Subsequently, they create an email address that closely resembles one of the legitimate participant’s email addresses. With this deceptive email account, the hackers gain the trust of the targeted entities by employing the information they gathered earlier.

Strengthening Cybersecurity Measures

Authorities have emphasized the importance of implementing robust cybersecurity measures to avoid falling victim to such fraudulent activities. Cybercrime investigators recommend the following cyber-hygiene measures:

• Regularly review the security features of email addresses and mailing systems.
• Add digital signatures to email communications for verification.
• Provide basic cybersecurity training to employees to raise awareness of potential cyber frauds and risks.
• Always confirm any changes in banking details through direct or telephonic communication with authorized personnel.
• Verify the authenticity of domain names when dealing with business entities through email addresses.
• In case of suspected fraud, contact the cyber crime cell immediately, preferably within 48 hours.

ALSO READ: Search All India Police Station Phone Numbers & Mail ID Through This Search Engine

Ongoing Investigation

The Pune City police have assured the affected firm and the business community at large that they are conducting a diligent investigation to trace the perpetrators of this cyber attack. The case serves as a stark reminder for all businesses to remain vigilant and take proactive steps to safeguard against cyber threats.

As the investigation continues, authorities hope to raise awareness about cybersecurity and encourage businesses to adopt proactive measures to protect themselves from similar malicious attacks in the future.

Follow The420.in on

 Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube