A man-in-the-middle (MiTM) attack caused a loss of over $24,000 for an Indian business that supplies engineering equipment to the Indian mining, building, and manufacturing industries. The hackers took advantage of a single-letter modification in the email address of a sales manager at a French company, a long-time business partner of the Indian corporation. Authorities in Pune are investigating to determine the full scope of the attack, which happened in the early months of 2023.
The inquiry found that the attack took place over a three-month period, from January to March. On behalf of the Pune-based company, the fraudsters placed an order for more than €51,000 with the French business. A few days later, the Indian company received an email informing it that the French company's bank account information wasn't accessible and offering an alternative account with a bank in Lisbon.
Trusting the message and unaware of the deception, the Indian company transferred an advance payment of €24,589 to the fraudulent Lisbon bank account. Several weeks later, when the Indian firm inquired about the shipment status, the French party reported they were still awaiting payment. This raised suspicions, prompting a review of previous correspondence.
Cyber Fraud Unveiled: Fake Email, Real Threats
The investigation revealed that the email regarding the bank details change had been sent from a fake address, with only one letter differing from the authentic one. The Indian company promptly filed a complaint with the Pune police upon discovering the fraud.
Authorities disclosed that the modus operandi of the MiTM attack involved hackers gaining access to email accounts involved in business transactions. They then created fake email addresses similar to those used in the transactions, which led the targeted organizations to trust them. Pune City Police stressed the importance of robust cybersecurity measures, including verifying bank details directly and providing cybersecurity training to employees.
The inquiry is still underway, with the goal of finding the offenders and raising companies' awareness of cybersecurity. It serves as a reminder for companies to stay attentive and take preventive action to safeguard themselves from cyber attacks. In a separate incident, email sent by the US military to the incorrect .ml domain rather than .mil exposed private information, including medical records and personnel details.