How changing two letters of Mumbai firm’s official email ID helped man walk away with ₹35 lakh
Mumbai cybercriminal interchanged two alphabets of company’s official ID to create fake one, duped two clients by asking them to deposit the money in his accountmumbai Updated: Jul 03, 2017 10:13 IST
Creating an email ID that differed from the official ID of a private firm by just two letters helped an unidentified fraudster dupe two men of Rs35 lakh.
Officials from the cyber cell identified the manner in which they were duped as email spoofing — a type of cybercrime in which a fraudster creates an email ID similar to a firm’s official ID and asks its unsuspecting clients to deposit money into his bank account.
- Three ways to prevent online attacks and scams, suggested by the cyber police:
- Before making a financial transaction, phone the person and check the details of the bank account into which the money is to be deposited. Most business transactions with foreign companies are discussed via email. Company representatives should meet in person to talk about deals. They should stay in touch throughout to avoid being cheated.
- It is important for firms to apprise their employees about man-in-the-middle attacks, data theft email hacking
- It is common for fraudsters to send their targets emails containing viruses that help them steal data. Employees should be warned not to click on such links
The two men are clients of a private company that exports garments. The men, who live in different countries, were initially meant to pay the firm by depositing the sum into an account in India, but transferred the cash into a United Kingdom-based branch on receiving an email from the fraudster.
He capitalised on the fact that the firm’s foreign clients usually pay it only after they receive its bank account details via email. He interchanged two of the letters of the company’s official ID to create a fake ID. The clients failed to spot this slight difference and fell for the scam, said officials.
The fraudster told the clients that there was an issue with the bank account they usually use and that it had been blocked. He asked them to deposit money into a UK bank between March 27 and March 31.
A police station in south Mumbai registered a case on April 26, after the company found out about the crime on April 1.
The fraudster was charged under sections 420 (cheating) of the Indian Penal Code and 66 C (identity theft) and 66 D (punishment for cheating by impersonation) of the Information Technology Act.