IN WHAT the police suspect to be another case of the Man in the Middle (MIM) fraud, a central Mumbai-based company almost lost Rs 5 lakh after someone hacked into the e-mail address of its MD and conned an official into making a payment. Prompt action on part of the officials, however, ensured the firm could block the payment just in time, inspite of the money having been transferred. A case of cheating has been registered.
According to the police, the incident took place on May 18, when Dilip Golwala (58), the accounts manager of the company that deals in food supply, received an e-mail from his managing director. The ‘MD’ asked him if he was in office, since a money transfer had to be made. Golwala was aware that his superior had gone to the US on May 14 and did not suspect anything amiss. He was used to such requests since he was the authorised signatory for such transactions.
An hour after he informed the ‘MD’ that he was in office and could complete the transaction, he was asked to initiate an urgent RTGS (Real Time Gross Settlement) transaction of Rs 5 lakh towards one ‘Uniq enterprises’, the police said. The MD told Golwala the transaction was urgent and had to be completed before the end of the day.
Golwala then asked for the relevant details and contacted the bank to transfer Rs 5 lakh to the account.
Fortunately for the company, said the police, their MD used two official e-mail addresses. When Golwala sent an e-mail saying that he had made the transfer, he marked both e-mail addresses. While police suspect the e-mail address used to communicate with Golwala had been hacked, the other e-mail address was not. When the actual MD saw the e-mail, he immediately called up Golwala.
The duo then realised there had been a fraud, and Golwala immediately asked the bank to cancel the transfer he had asked for.
The next day, Golwala again received an e-mail from the hacked account. The person, again pretending to be the MD, told him that while the Rs 5 lakh had been transferred, Uniq Enterprises could not withdraw the amount. Golwala did not reply to that e-mail. Later, the company officials approached the local NM Joshi Marg police station, where they registered an FIR against the unidentified accused. Senior inspector Ahmed Pathan said, “It seems to be a case of hacking. We have registered an FIR and are probing the matter.”
A Man in the Middle (MIM) attack occurs when fraudsters hack into networks of companies. They keep an eye on the clients of the company and how monetary transactions are carried out. They also study the hierarchy. On sensing an opportunity, they either hack into the email address of a senior executive or create a similar e-mail address. The accused then communicate with the accounts manager and ask him to transfer money to an account, from where they withdraw it.