It’s cyber fraud cases like these that remind us of the gravity of cyber security. A Pune-based engineering company, with an MNC status no less, fell prey to a ‘man-in-the-middle’ attack. As a result, it lost around 56,000 euros or approximately 50 lakh INR to the cyber-attack.
Case Specifics
The hackers supposedly gained illegal access into the email account of a German company which deals with said engineering company. Soon after, they studied the communication patterns and other details between the two organizations. As per police reports, the intruders created a phony email address by spoofing a valid German company account. Using this spoofed email account, the criminals started injecting themselves in the financial email communication.
Company financial officials transferred a sum of 56,450 euros to the hackers’ bank account, in lieu of services. The engineering company thought it was a regular invoice, just with a change in bank account details. Hence, the man-in-the-middle forced a valid invoice to redirect to a fraudulent bank account.
The victims registered a complaint with the police soon after they realized the fraud. The Cyber Crime Cell conducted a preliminary investigation. They decided to register a criminal case under the Information Technology Act and Indian Penal Code section 420 (Cheating). Currently, the police are looking into the details of the scam email, to find some trail back to the perpetrators.
Unfortunately, this Pune-based engineering company wasn’t the first email scam victim
In late 2019 and in 2020, Pimpri Chinchwad police had registered at least four cases in which companies lost thousands of dollars to cyber fraudsters.
In very rare cases, the losses are recovered through swift action. Here is one such case.
Given the number of defrauding cases, the Pimpri Chinchwad Police issued a 5-point advisory for the safety of businesses.
- The security strength of the company’s mail account and mailing system should be reviewed regularly and updated with newer security measures. Digital signatures to be added to outbound emails as an added layer of authentication.
- The accounting department should be made aware about cyber fraud techniques.
- If an invoice email requests the payer to direct the amount to a different account due to ‘technical problems’, confirm the change with the proper employees.
- Give special attention to the underlying domains of the mail addresses of an email.
- If you suspect intrusion, contact the Cyber Crime Cell immediately.
Get Total Protection from Invoice Fraud Attempts
We passionately advise cyber awareness and alertness. But the simple fact is that an automated tool will always outperform manual attentiveness. Recognizing the need for an invoice fraud protection tool, Logix released its Email Auto Protect (EAP) solution. It stops practically all email invoice fraud scams by establishing a few simple rigid steps in the invoicing process. The complete working and process of Email Auto Protect is explained on our EAP Service Page.
Click on the link above and safeguard your business against invoice fraud.
Read Now: More Resources On Invoice Fraud.