Said "A" - say "B": Indian firm lost more than €24,000 due to one letter

Professional
A single changed letter in an email address can cost a company a great deal of money.

An Indian company that supplies engineering equipment to Indian mining companies, as well as to construction and manufacturing firms, has fallen victim to what the police describe as a Man-in-the-Middle (MiTM) cyberattack, a lookalike-address fraud of the kind more commonly classified as business email compromise. As a result of the attack, the company lost more than €24,000.

According to police in the city of Pune, where the victim company is based, the criminals changed one letter in the email address of the sales manager of a French company with which the Indian firm does business. The incident occurred earlier this year, and police are conducting a thorough investigation to determine its full scale.

How it all happened

According to the police investigation, the scheme ran from January to March 2023. In January the Pune-based company placed an order worth more than €51,000 with a major French engineering company. The order was sent to the email address of the French company's sales manager, with whom the Pune-based firm had a long-standing business relationship.

A few days later, the Indian firm received an email saying that the French company's bank account and SWIFT code were unavailable. The message instructed the firm to make the payment to a new bank account in Lisbon instead.

Trusting the message and suspecting no fraud, the executives of the Indian firm transferred an advance payment of €24,589 to the fraudulent account in Lisbon. A few weeks later, when the company's employees asked about the status of the shipment, the French side replied that it was still waiting for payment. This raised suspicions, and the company went back and carefully reviewed the earlier correspondence.

It turned out that the email announcing the change of bank details had been sent from a fake address that differed from the genuine one by a single letter: an "a" in place of an "e". On realizing the fraud, the Indian company filed a formal complaint with the Pune City Police.

How cybercriminals acted

Investigators from the Pune City Police described the method of operation behind such attacks. The criminals first compromise the email account of one of the parties to a business transaction.

They then study the current orders and correspondence and register an email address that closely resembles that of one of the participants in the transaction. Writing from this lookalike account, and drawing on the details they have already harvested, the attackers win the trust of the target organization. Note that a lookalike domain under the attackers' control can carry perfectly valid SPF and DKIM records of its own, so standard mail authentication does not by itself reject such messages; what fails is the comparison of the sender against the address on file.

How to protect yourself from cyber attacks

The authorities stressed the importance of robust cybersecurity measures to avoid falling victim to such scams. Cybersecurity experts recommend the following cyber hygiene measures:
  • Regularly review the security settings of email accounts and mail systems;
  • Add digital signatures to your email messages so that recipients can verify them;
  • Conduct basic cybersecurity training for employees to raise awareness of potential scams and risks;
  • Always confirm any change of bank details by contacting known, authorized personnel directly, for example by telephone on a number you already hold rather than one given in the email;
  • Verify the authenticity of domain names when dealing with business partners by email;
  • If fraud is suspected, contact the IT department immediately, preferably within 48 hours.
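The lookalike-address method described under "How cybercriminals acted" and the "verify domain names" advice above both come down to one check: does the sender address match the contact on file exactly, or only almost? The following is an added example written for this page, not code from the article or from the Pune police. It compares inbound sender addresses against a list of trusted partner contacts, flags near misses (one or two characters off, or differing only by confusable character groups such as "rn" for "m"), and pays extra attention to messages that mention payment details. The domains, contact names, confusable table, phrase list and sample messages are all constructed for illustration.

```python
"""Flag sender addresses that are near misses of trusted partner contacts.

Added example; not code from the article or the Pune police. The contacts,
confusable table, phrase list and sample messages are all constructed.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed: partner addresses a company keeps on file (hypothetical domain).
TRUSTED_CONTACTS = {
    "sales.manager@example-engineering.fr",
    "accounts@example-engineering.fr",
}

# Constructed: character groups that lookalike addresses commonly swap.
# Used only for the distance comparison, never for the exact-match test.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l"}

# Constructed: phrases typical of a payment-redirection request.
PAYMENT_PHRASES = ("bank account", "swift", "iban", "beneficiary", "payment details")


@dataclass
class Verdict:
    sender: str
    status: str              # "trusted", "lookalike" or "unknown"
    closest: Optional[str]   # trusted address the sender most resembles
    distance: Optional[int]  # edit distance after confusable folding


def normalize(addr: str) -> str:
    """Lower-case the address and fold confusable groups to the letter they imitate."""
    addr = addr.strip().lower()
    for bad, good in CONFUSABLES.items():
        addr = addr.replace(bad, good)
    return addr


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def check_sender(sender: str, trusted: Iterable[str] = TRUSTED_CONTACTS,
                 max_distance: int = 2) -> Verdict:
    """Classify a sender as trusted, a lookalike of a trusted contact, or unknown."""
    trusted = [t.lower() for t in trusted]
    clean = sender.strip().lower()
    if clean in trusted:                      # exact match only counts as trusted
        return Verdict(sender, "trusted", clean, 0)
    if not trusted:
        return Verdict(sender, "unknown", None, None)
    norm = normalize(sender)
    closest, best = min(((t, edit_distance(norm, normalize(t))) for t in trusted),
                        key=lambda pair: pair[1])
    if best <= max_distance:                  # distance 0 here means confusables only
        return Verdict(sender, "lookalike", closest, best)
    return Verdict(sender, "unknown", None, None)


def mentions_payment_change(text: str) -> bool:
    """True if the text talks about bank or payment details."""
    low = text.lower()
    return any(phrase in low for phrase in PAYMENT_PHRASES)


# Constructed sample of inbound message headers standing in for a mail log.
SAMPLE_MESSAGES = [
    {"from": "sales.manager@example-engineering.fr",
     "subject": "Order confirmation PO-1042"},
    {"from": "sales.manager@exomple-engineering.fr",
     "subject": "Updated bank account and SWIFT code for payment"},
    {"from": "jane@unrelated-vendor.com",
     "subject": "Catalogue 2023"},
]


def triage(messages, trusted: Iterable[str] = TRUSTED_CONTACTS) -> List[Tuple[str, str, bool]]:
    """Return (sender, status, payment_related) for every message that needs a human look:
    any lookalike sender, plus any unknown sender raising payment details."""
    trusted = list(trusted)
    flagged = []
    for msg in messages:
        verdict = check_sender(msg["from"], trusted)
        payment = mentions_payment_change(msg["subject"])
        if verdict.status == "lookalike" or (verdict.status == "unknown" and payment):
            flagged.append((msg["from"], verdict.status, payment))
    return flagged


if __name__ == "__main__":
    for row in triage(SAMPLE_MESSAGES):
        print(row)
```

Run against the constructed sample, the genuine sales manager's message passes as trusted, the "exomple" address is reported as a lookalike at distance 1 (the "a" for "e" swap from the article is the same kind of change), and the unrelated vendor is ignored because it neither resembles a contact nor mentions payment details. The exact-match test deliberately runs on the raw lower-cased address, not the normalized one, so that an attacker's "rn" domain can never be promoted to trusted by the confusable folding; it is only ever folded for the purpose of finding near misses.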

Ongoing investigation

Pune City Police have assured the affected firm and the business community at large that a thorough investigation is underway to find those responsible for this cyberattack. This case serves as a reminder for all businesses to remain vigilant and take active measures to protect themselves from cyber threats.

As the investigation continues, authorities hope to raise awareness of cybersecurity and encourage businesses to take proactive measures to protect against similar malicious attacks in the future.

Earlier, we wrote that a typo in the domain suffix caused millions of US military emails to be sent to the Mali (.ml) domain instead of the correct .mil one. Although most of those emails were spam and contained no classified information, some included sensitive data, including medical reports, identity information, lists of base crews and personnel, naval inspection reports, and other material.