An advertising company in Andheri was cheated of Rs.12 Lakh in a ‘man-in-the-middle’ attack. A man-in-the-middle attack allows a malicious actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late. Similar scenario happened in this case.
The victim firm had received an email from the German firm, requesting to make payments for previous orders to a new bank account as some auditing work was underway. The firm has been importing firefighting systems from a Germany-based firm for the past nine years. The systems are then sold to Indian Railways, airport authorities, coal mines, among others. The Andheri company made a payment of Rs 11.89 lakh (in Euro) to the new bank account.
However, when the Andheri firm got in touch with the German company, they realised the latter had not sent them any such email. Realising they had been cheated, the Andheri company’s manager approached the police last month and an FIR was registered under relevant sections of the Indian Penal Code and IT Act. The complainant in the case is 80-year-old Firoz Doctor, a partner in the company.
The police said that the hackers accessed the confidential exchange of the complainant firm and the German company and created an email ID similar to the latter’s. They also sent a forged invoice to win their trust. The police said the fraudsters also created a fake email ID of another client the Andheri firm was dealing with, but the fraud was detected in time.
Cyber advocate Vicky Shah said, “All private companies can configure domain-based message authentication, reporting and conformance [DMARC] systems to validate e-mails and prevent impersonation. This helps to prevent such attacks.”
Cyber criminals and hackers are always looking for ways to infiltrate your network via phishing, spoofing or any other means. Emails being widely used in any organization, it is the easiest path for them to penetrate within the network. Many recent attacks have occurred via email spoofing. Hackers enter the network by forged emails appearing to be from trusted sources.
With more than 19 Years of experience in Enterprise Email & Email Security Logix is well positioned with its experts to discover, interpret, assess and analyze your DMARC compliance. Our team will handhold you through a well-defined action plan to achieve maximum compliance for your organization.
Make your Domain a “NO Phishing Zone” with DMARC Monitor, our comprehensive compliance based analytics that safeguards business enterprises against domain phishing & spoofing.