Change of a letter in email address costs Pune firm 24k euros in cyber fraud

An FIR in the case was registered at Wanawadi police station last week by the founder and CEO of the Pune-based firm, which supplies engineering equipment to Indian companies involved in mining, construction and manufacturing sectors. The sequence of events of the alleged man-in-the-middle attack took place between January and March this year, said officials.

According to cyber investigators from the Pune City police, the complainant’s company had placed an order of over 51,000 euros between January and early February this year. The order was sent to the email address of a sales manager of a French company, with which the Pune-based firm had been in contact for several years.

The French company had subsequently sent a pro-forma invoice in acknowledgement. A few days later, the complainant received an email stating that their usual bank account and SWIFT (Society for Worldwide Interbank Financial Telecommunication) code from the Paris-headquartered bank were unavailable and that the payment should be made to a new account, which was in bank headquartered in Lisbon. Police said the executives of the Pune-based company trusted the communication and paid an advance of 24,589 euros to the new account.

A few weeks later, when the Pune-based company contacted the French firm inquiring about the shipment of the equipment, officials in the latter organisation said they were still awaiting payment. This prompted a review of the previous communication, which revealed that the email informing change in the bank account had in fact been sent from a fraudulent email address with just one letter — a instead of an e — different from the email address of the French entity. The complainant subsequently approached Pune police and lodged a complaint.

When contacted, senior inspector Bhausaheb Pathare, in-charge of Wanawadi police station, said a probe has been initiated in the case. Investigators from Pune City police said cyber criminals start mounting man-in-the-middle attack by hacking the email accounts of entities conducting business transactions. Once they have hacked the email address, they obtain details of the ongoing dealings and orders of the business entities involved. An email account closely resembling the participant’s mail address is then created and used to initiate communication and gain trust, using information gathered earlier. The fake email is then used to communicate that the original bank account of one of the entities is non-functional and so the deposit should be made to another account, which belongs to the hackers.

A cybercrime investigator from Pune police said man-in-the-middle attacks take place when the security features of the emails are not updated on a regular basis and the communication between two parties happens only though emails and not via any other mode. Officials have advised several cyber-hygiene measures to avoid such attacks.

According to cyber crime officials, the security features of the email addresses and mailing systems should be reviewed regularly; digital signatures should be added in email communications; staffers should receive basic training in cyber etiquettes and hygiene and possible cyber frauds or risks; when entities communicate change in banking details, the new details should be confirmed through a direct or telephonic conversation with authorised personnel; while dealing with business entities through the mail addresses, the authenticity of the domain names should be meticulously checked; in case of a cheating, the cyber crime cell should be immediately contacted, possibly within 48 hours.