An engineering company in Mumbai along with its Canada-based client were targeted by cyber criminals, who made fraudulent transfers to the tune of over Rs 20 lakh from their accounts. According to Powai police that registered an FIR, this is a case of a Man-In-The-Middle (MITM) scam, where fraudsters intercept the company’s communication, impersonate the hacked parties and get money transferred to their own accounts. No arrests have been made in the case as yet.
An officer linked to the case said the Chandivali-based company, which dealt in furnace and foundry equipment, had contacted a German company to supply them hardware related to crane parts in April this year. The company normally places orders through e-mail.
The firm contacted the German company in November last year. The two companies kept communicating through emails and in February this year, the Chandivali company placed an order for some crane parts. The German company confirmed the order and asked them to make an initial payment of 30 per cent of the total amount — 5,940 euros (Rs 4.89 lakh), an officer said.
The company made a payment of Rs 4.89 lakh in April and the rest of the payment of Rs 11.24 lakh in June this year. However, within a few weeks the complainant’s company received an invoice from the German company.
“Having made the payment already, the complainant was taken aback and informed the German company of having already made the payment. They were, however, informed that no such payment had been received. The German company further confirmed that the account number to which the payment had been made did not belong to them,” a senior officer said.
At this point the complainant checked the e-mail address that had sent them the account number and found that it did not belong to the German company.
“Since the e-mail address looked similar to that of the German company and they were already in communication with them, the complainant did not realise that the e-mail address had been changed. This is called e-mail spoofing wherein you make a minor change, like adding an alphabet, to an official ID and using it to cheat people,” the officer said. Spoofing is part of the MITM scam, whereby fraudsters intercept companies that have international dealings, spoof e-mail addresses and provide their own account number for payments to be made.
In this case, after the complainant realised about the fraud and checked the other account details, he found that a similar case had taken place with them in June.
In May, a Canada-based company got in touch with the complainant and placed an order for spare parts worth 8,120 Canadian dollars (Rs 4.33 lakh).
“In this instance, fraudsters had spoofed the email address of the Chandivali-based company, provided their own account number and got the Canada-based company transfer the amount to their own account instead of the Chandivali-based company,” the officer added.
After the complainant approached the Powai police last week, an FIR had been registered on charges of cheating and relevant sections of the Information Technology Act.
“Normally in such cases tracking the accused is difficult as they use proxy networks. We are, however, trying to trace the bank account into which the money was fraudulently transferred,” the officer added.