PUNE– A Pune-based automobile parts company has fallen victim to a sophisticated “man-in-the-middle” cyber attack, losing approximately ₹2.35 crore in a scheme that exploited an international business transaction. The elaborate fraud involved cybercriminals impersonating an Italian supplier to divert payments for a crucial piece of machinery.
The Deceptive Lure: A Routine Purchase Turns Sour
The incident unfolded during a seemingly routine international transaction. The Pune firm was in the process of acquiring a press bending machine, valued ₹3.1 crore from an Italian manufacturing company. An initial payment of ₹75 lakh was successfully made to confirm the order, setting the stage for the remaining balance. However, unknown to the Pune company, cybercriminals had infiltrated their communication, meticulously observing the transaction’s progress.
The Impersonation: A Subtle Email Change Leads to Major Loss
As the final payment date approached, the fraudsters executed their plan. They sent an email, deceptively similar to legitimate correspondence from the Italian supplier, informing the Pune firm that the Italian company’s bank account was temporarily unavailable. This fabricated message directed the Pune firm to transfer the remaining funds to a new, fraudulent bank account provided by the cybercriminals. The subtle alteration in the email address, combined with the context of an ongoing high-value transaction, allowed the deception to go unnoticed.
The Unveiling: A Payment Confirmation Exposes the Scheme
The full extent of the fraud came to light when the Pune firm, after transferring ₹2.35 crore in two separate installments to the fraudulent account, sent payment photos to the legitimate Italian sales executive. It was at this point that the discrepancy was discovered, revealing the massive financial loss. An official First Information Report (FIR) has since been registered, initiating a formal police investigation into the cyber attack.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Preventing Future Attacks: Experts Urge Vigilance
Cyber crime police stations have frequently issued advisories emphasizing the importance of robust digital security practices. Key recommendations include regularly reviewing email security protocols, providing comprehensive training to staff on identifying and preventing cyber frauds, and critically, always confirming any changes to bank details through direct, verified communication channels, such as a phone call to a known contact, rather than relying solely on email. Meticulously checking the authenticity of domain names in email addresses is also paramount in preventing such sophisticated scams.